Fix #26: do not offer any actions after burning a paste

Author: matze

CHANGELOG.md

@@ -22,6 +22,8 @@
 - Use the [two-face](https://docs.rs/two-face) crate for an extended syntax
   list.
 - Serve all CSS assets under hashed URL to avoid caching issues.
+- Do not offer any interactions for burn-after-reading pastes that will end up
+  with a 404 anyway.
 
 ### Fixes
 

src/handlers/html/paste.rs

@@ -24,6 +24,8 @@ pub struct Paste {
     key: Key,
     theme: Option<Theme>,
     can_delete: bool,
+    /// If the paste still in the database and can be fetched with another request.
+    is_available: bool,
     html: String,
     title: String,
 }
@@ -43,7 +45,7 @@ pub async fn get(
         let password = form.map(|form| Password::from(form.password.as_bytes().to_vec()));
         let key: Key = id.parse()?;
 
-        let (data, can_be_cached) = match db.get(key.id, password.clone()).await {
+        let (data, is_available) = match db.get(key.id, password.clone()).await {
             Ok(Entry::Regular(data)) => (data, true),
             Ok(Entry::Burned(data)) => (data, false),
             Ok(Entry::Expired) => return Err(Error::NotFound),
@@ -75,7 +77,7 @@ pub async fn get(
         } else {
             let html = highlighter.highlight(data, key.ext.clone()).await?;
 
-            if can_be_cached && password.is_none() {
+            if is_available && password.is_none() {
                 tracing::trace!(?key, "cache item");
                 cache.put(key.clone(), html.clone());
             }
@@ -88,6 +90,7 @@ pub async fn get(
             html,
             theme.clone(),
             can_be_deleted,
+            is_available,
             title,
             page.clone(),
         )
@@ -104,6 +107,7 @@ impl Paste {
         html: Html,
         theme: Option<Theme>,
         can_delete: bool,
+        is_available: bool,
         title: String,
         page: Page,
     ) -> Self {
@@ -114,6 +118,7 @@ impl Paste {
             key,
             theme,
             can_delete,
+            is_available,
             html,
             title,
         }

src/handlers/html/qr.rs

@@ -28,11 +28,13 @@ pub async fn get(
         let key: Key = id.parse()?;
         let title = db.get_title(key.id).await?.unwrap_or_default();
 
+        // TODO: fix the bogus hardcoded can_delete and is_deleted fields.
         Ok(Qr {
             page: page.clone(),
             theme: theme.clone(),
             key,
             can_delete: false,
+            is_available: false,
             code,
             title,
         })
@@ -49,6 +51,7 @@ pub struct Qr {
     theme: Option<Theme>,
     key: Key,
     can_delete: bool,
+    is_available: bool,
     code: qrcodegen::QrCode,
     title: String,
 }

templates/paste.html

@@ -13,6 +13,7 @@
 {% endblock %}
 
 {% block nav_common %}
+  {% if is_available %}
   {% if can_delete %}
     <div class="nav-item">
       <a href="/delete/{{ key.id() }}" class="nav-button" title="delete paste" aria-label="delete paste">
@@ -36,8 +37,10 @@
         </svg>
       </a>
     </div>
+  {% endif %}
 {% endblock %}
 {% block nav_specific %}
+  {% if is_available %}
     <div class="nav-item">
       <a href="/qr/{{ key }}" class="nav-button" title="qr code" aria-label="qr code">
         <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24">
@@ -46,4 +49,5 @@
         </svg>
       </a>
     </div>
+  {% endif %}
 {% endblock %}