ما هي عمليات التحقق التي يمكن تجاوزها وكيف عند استخدام الـ API لإنشاء المواضيع والمنشورات؟

Isambard · 13 مارس 2024، 10:39م

Which validations can you bypass and how? I’m trying to use API to post and am hitting things like:

Entropy too low
Topic too short
Body too similar

The problem is, it is hard to know what other checks might be caught and so I just stop when I hit one, abort and run again.

pfaffman · 14 مارس 2024، 7:03م

If you’re importing more than a few posts from an existing database then you should use a migration script.

There’s a skip_validations parameter you can pass in Ruby, but I don’t know if you can pass it with the API.

But also, do you really want to create a bunch of short posts that have very few different characters and are just like other posts? There are site settings for those that you can change if you search site settings for those words (entropy, minimum post length, min title similar length or allow duplicate titles)

Arkshine · 14 مارس 2024، 10:40م

Yes, that should work (WP-Discourse uses it, for example)

github.com

discourse/discourse/blob/main/app/controllers/posts_controller.rb#L821


      
              end
            end
          end
          
          # param munging for WordPress
          params[:auto_track] = !(params[:auto_track].to_s == "false") if params[:auto_track]
          params[:visible] = (params[:unlist_topic].to_s == "false") if params[:unlist_topic]
          
          if is_api?
            # php seems to be sending this incorrectly, don't fight with it
            params[:skip_validations] = params[:skip_validations].to_s == "true"
            permitted << :skip_validations
          
            params[:import_mode] = params[:import_mode].to_s == "true"
            permitted << :import_mode
          
            # We allow `embed_url` via the API
            permitted << :embed_url
          
            # We allow `created_at` via the API
            permitted << :created_at

Isambard · 19 مارس 2024، 12:12ص

I think there is a bug in the skip validations.

When I use skip validations to create a Topic, this works and it is possible for user to create a topic in a category even if normally he would have no rights to do so.

However, when trying to reply to that same topic, the validation check is not skipped and this post create fails.

Arkshine · 20 مارس 2024، 9:04م

Can you elaborate on what post validations you are referring to exactly? What errors do you get?

simon · 20 مارس 2024، 10:46م

Are you sure about that? My understanding is that skip_validations does what it says it does in the options section that’s at the bottom of post_creator.rb:

github.com

discourse/discourse/blob/main/lib/post_creator.rb#L37


      
          #                               :raw_html - Perform no processing
          #                               :raw_email - Imported from an email
          #   via_email               - Mark this post as arriving via email
          #   raw_email               - Full text of arriving email (to store)
          #   action_code             - Describes a small_action post (optional)
          #   skip_jobs               - Don't enqueue jobs when creation succeeds. This is needed if you
          #                             wrap `PostCreator` in a transaction, as the sidekiq jobs could
          #                             dequeue before the commit finishes. If you do this, be sure to
          #                             call `enqueue_jobs` after the transaction is committed.
          #   hidden_reason_id        - Reason for hiding the post (optional)
          #   skip_validations        - Do not validate any of the content in the post
          #   draft_key               - the key of the draft we are creating (will be deleted on success)
          #   advance_draft           - Destroy draft after creating post or topic
          #   silent                  - Do not update topic stats and fields like last_post_user_id
          #
          #   When replying to a topic:
          #     topic_id              - topic we're replying to
          #     reply_to_post_number  - post number we're replying to
          #
          #   When creating a topic:
          #     title                 - New topic title

It’s primarily used to ignore the constraints that are added through site settings like:

min post length
min body entropy
min topic title length
…

I think it’s also used to ignore posting rate limits.

I didn’t think it allowed users to create topics in categories that they don’t have permission to post in.

الموضوع		الردود	مرات العرض
Guardian bypassed through :skip_validations in TopicCreator but not in PostCreator Dev	1	961	20 مارس 2024
Migrating Content via API hangs after 3 topics Support	7	564	15 مارس 2020
Topic duplicate Dev	1	491	6 مارس 2020
Posting a new topic via API Dev rest-api	7	3690	29 يناير 2025
How to set blank title when create topic by API Dev	18	962	20 أبريل 2021

ما هي عمليات التحقق التي يمكن تجاوزها وكيف عند استخدام الـ API لإنشاء المواضيع والمنشورات؟

الموضوعات ذات الصلة