akkoma/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex

1273 lines
38 KiB
Elixir
Raw Normal View History

# Pleroma: A lightweight social networking server
2018-12-31 15:41:47 +00:00
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
use Pleroma.Web, :controller
import Pleroma.Web.ControllerHelper,
only: [json_response: 3, add_link_headers: 2, truthy_param?: 1]
alias Ecto.Changeset
2019-02-09 15:16:26 +00:00
alias Pleroma.Activity
2019-04-14 12:45:56 +00:00
alias Pleroma.Bookmark
2019-02-09 15:16:26 +00:00
alias Pleroma.Config
2019-04-10 15:48:31 +00:00
alias Pleroma.Conversation.Participation
2019-08-29 19:01:37 +00:00
alias Pleroma.Emoji
2019-02-09 15:16:26 +00:00
alias Pleroma.Filter
2019-05-25 04:24:21 +00:00
alias Pleroma.HTTP
2019-02-09 15:16:26 +00:00
alias Pleroma.Object
alias Pleroma.Pagination
alias Pleroma.Plugs.RateLimiter
2019-02-09 15:16:26 +00:00
alias Pleroma.Repo
2019-03-28 09:39:10 +00:00
alias Pleroma.ScheduledActivity
2019-02-09 15:16:26 +00:00
alias Pleroma.Stats
alias Pleroma.User
2017-09-07 06:58:10 +00:00
alias Pleroma.Web
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.ActivityPub.Visibility
alias Pleroma.Web.CommonAPI
2019-02-09 15:16:26 +00:00
alias Pleroma.Web.MastodonAPI.AccountView
alias Pleroma.Web.MastodonAPI.AppView
alias Pleroma.Web.MastodonAPI.ConversationView
2019-02-09 15:16:26 +00:00
alias Pleroma.Web.MastodonAPI.FilterView
alias Pleroma.Web.MastodonAPI.ListView
alias Pleroma.Web.MastodonAPI.MastodonAPI
2019-02-09 15:16:26 +00:00
alias Pleroma.Web.MastodonAPI.MastodonView
2019-02-20 16:51:25 +00:00
alias Pleroma.Web.MastodonAPI.ReportView
2019-03-28 09:39:10 +00:00
alias Pleroma.Web.MastodonAPI.ScheduledActivityView
alias Pleroma.Web.MastodonAPI.StatusView
alias Pleroma.Web.MediaProxy
2019-02-09 15:16:26 +00:00
alias Pleroma.Web.OAuth.App
alias Pleroma.Web.OAuth.Authorization
alias Pleroma.Web.OAuth.Scopes
2019-02-09 15:16:26 +00:00
alias Pleroma.Web.OAuth.Token
alias Pleroma.Web.TwitterAPI.TwitterAPI
2018-12-06 13:50:20 +00:00
2017-09-13 13:55:10 +00:00
import Ecto.Query
2017-11-19 01:22:07 +00:00
require Logger
require Pleroma.Constants
@rate_limited_relations_actions ~w(follow unfollow)a
plug(
RateLimiter,
{:relations_id_action, params: ["id", "uri"]} when action in @rate_limited_relations_actions
)
plug(RateLimiter, :relations_actions when action in @rate_limited_relations_actions)
plug(RateLimiter, :app_account_creation when action == :account_register)
plug(RateLimiter, :search when action in [:search, :search2, :account_search])
plug(RateLimiter, :password_reset when action == :password_reset)
plug(RateLimiter, :account_confirmation_resend when action == :account_confirmation_resend)
2019-06-11 07:28:39 +00:00
@local_mastodon_name "Mastodon-Local"
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
def create_app(conn, params) do
scopes = Scopes.fetch_scopes(params, ["read"])
app_attrs =
params
|> Map.drop(["scope", "scopes"])
|> Map.put("scopes", scopes)
with cs <- App.register_changeset(%App{}, app_attrs),
false <- cs.changes[:client_name] == @local_mastodon_name,
{:ok, app} <- Repo.insert(cs) do
conn
|> put_view(AppView)
|> render("show.json", %{app: app})
end
end
2018-12-01 09:40:01 +00:00
defp add_if_present(
map,
params,
params_field,
map_field,
value_function \\ fn x -> {:ok, x} end
) do
if Map.has_key?(params, params_field) do
case value_function.(params[params_field]) do
{:ok, new_value} -> Map.put(map, map_field, new_value)
:error -> map
2018-03-30 13:01:53 +00:00
end
2018-12-01 09:40:01 +00:00
else
map
end
end
2018-12-01 09:40:01 +00:00
def update_credentials(%{assigns: %{user: user}} = conn, params) do
original_user = user
2018-12-01 09:40:01 +00:00
user_params =
%{}
|> add_if_present(params, "display_name", :name)
|> add_if_present(params, "note", :bio, fn value -> {:ok, User.parse_bio(value, user)} end)
2018-12-01 09:40:01 +00:00
|> add_if_present(params, "avatar", :avatar, fn value ->
with %Plug.Upload{} <- value,
{:ok, object} <- ActivityPub.upload(value, type: :avatar) do
{:ok, object.data}
2018-03-30 13:01:53 +00:00
else
2018-12-01 09:40:01 +00:00
_ -> :error
2018-03-30 13:01:53 +00:00
end
2018-12-01 09:40:01 +00:00
end)
2018-03-30 13:01:53 +00:00
emojis_text = (user_params["display_name"] || "") <> (user_params["note"] || "")
user_info_emojis =
user.info
|> Map.get(:emoji, [])
2019-08-29 19:01:37 +00:00
|> Enum.concat(Emoji.Formatter.get_emoji_map(emojis_text))
|> Enum.dedup()
2018-12-01 09:40:01 +00:00
info_params =
[
:no_rich_text,
:locked,
:hide_followers_count,
:hide_follows_count,
:hide_followers,
:hide_follows,
:hide_favorites,
:show_role,
:skip_thread_containment,
:discoverable
]
|> Enum.reduce(%{}, fn key, acc ->
add_if_present(acc, params, to_string(key), key, fn value ->
{:ok, truthy_param?(value)}
end)
end)
|> add_if_present(params, "default_scope", :default_scope)
2019-07-24 12:26:35 +00:00
|> add_if_present(params, "fields", :fields, fn fields ->
fields = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
2019-07-24 12:26:35 +00:00
{:ok, fields}
end)
|> add_if_present(params, "fields", :raw_fields)
|> add_if_present(params, "pleroma_settings_store", :pleroma_settings_store, fn value ->
{:ok, Map.merge(user.info.pleroma_settings_store, value)}
end)
2018-12-01 09:40:01 +00:00
|> add_if_present(params, "header", :banner, fn value ->
with %Plug.Upload{} <- value,
{:ok, object} <- ActivityPub.upload(value, type: :banner) do
{:ok, object.data}
2018-03-30 13:01:53 +00:00
else
2018-12-01 09:40:01 +00:00
_ -> :error
2018-03-30 13:01:53 +00:00
end
2018-12-01 09:40:01 +00:00
end)
|> add_if_present(params, "pleroma_background_image", :background, fn value ->
with %Plug.Upload{} <- value,
{:ok, object} <- ActivityPub.upload(value, type: :background) do
{:ok, object.data}
else
_ -> :error
end
end)
|> Map.put(:emoji, user_info_emojis)
changeset =
user
|> User.update_changeset(user_params)
|> User.change_info(&User.Info.profile_update(&1, info_params))
with {:ok, user} <- User.update_and_set_cache(changeset) do
if original_user != user, do: CommonAPI.update(user)
2018-03-30 13:01:53 +00:00
json(
conn,
AccountView.render("account.json", %{user: user, for: user, with_pleroma_settings: true})
)
else
_e -> render_error(conn, :forbidden, "Invalid request")
end
end
def update_avatar(%{assigns: %{user: user}} = conn, %{"img" => ""}) do
change = Changeset.change(user, %{avatar: nil})
{:ok, user} = User.update_and_set_cache(change)
CommonAPI.update(user)
json(conn, %{url: nil})
end
def update_avatar(%{assigns: %{user: user}} = conn, params) do
{:ok, object} = ActivityPub.upload(params, type: :avatar)
change = Changeset.change(user, %{avatar: object.data})
{:ok, user} = User.update_and_set_cache(change)
CommonAPI.update(user)
%{"url" => [%{"href" => href} | _]} = object.data
json(conn, %{url: href})
end
def update_banner(%{assigns: %{user: user}} = conn, %{"banner" => ""}) do
new_info = %{"banner" => %{}}
with {:ok, user} <- User.update_info(user, &User.Info.profile_update(&1, new_info)) do
CommonAPI.update(user)
json(conn, %{url: nil})
end
end
def update_banner(%{assigns: %{user: user}} = conn, params) do
with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, type: :banner),
new_info <- %{"banner" => object.data},
{:ok, user} <- User.update_info(user, &User.Info.profile_update(&1, new_info)) do
CommonAPI.update(user)
%{"url" => [%{"href" => href} | _]} = object.data
json(conn, %{url: href})
end
end
def update_background(%{assigns: %{user: user}} = conn, %{"img" => ""}) do
new_info = %{"background" => %{}}
with {:ok, _user} <- User.update_info(user, &User.Info.profile_update(&1, new_info)) do
json(conn, %{url: nil})
end
end
def update_background(%{assigns: %{user: user}} = conn, params) do
with {:ok, object} <- ActivityPub.upload(params, type: :background),
new_info <- %{"background" => object.data},
{:ok, _user} <- User.update_info(user, &User.Info.profile_update(&1, new_info)) do
%{"url" => [%{"href" => href} | _]} = object.data
json(conn, %{url: href})
end
end
2017-11-19 01:22:07 +00:00
def verify_credentials(%{assigns: %{user: user}} = conn, _) do
chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
account =
AccountView.render("account.json", %{
user: user,
for: user,
with_pleroma_settings: true,
with_chat_token: chat_token
})
2017-09-07 06:58:10 +00:00
json(conn, account)
end
def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do
with %Token{app: %App{} = app} <- Repo.preload(token, :app) do
conn
|> put_view(AppView)
|> render("short.json", %{app: app})
end
end
def user(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
account = AccountView.render("account.json", %{user: user, for: for_user})
2017-09-13 15:36:02 +00:00
json(conn, account)
else
_e -> render_error(conn, :not_found, "Can't find user")
2017-09-13 15:36:02 +00:00
end
end
2019-05-13 20:52:16 +00:00
@mastodon_api_level "2.7.2"
2017-09-15 08:26:28 +00:00
2017-09-07 06:58:10 +00:00
def masto_instance(conn, _params) do
2019-02-03 17:44:18 +00:00
instance = Config.get(:instance)
2017-09-07 06:58:10 +00:00
response = %{
2018-03-30 13:01:53 +00:00
uri: Web.base_url(),
title: Keyword.get(instance, :name),
description: Keyword.get(instance, :description),
2018-11-20 16:55:03 +00:00
version: "#{@mastodon_api_level} (compatible; #{Pleroma.Application.named_version()})",
email: Keyword.get(instance, :email),
2017-09-15 08:26:28 +00:00
urls: %{
streaming_api: Pleroma.Web.Endpoint.websocket_url()
2017-09-15 08:26:28 +00:00
},
2018-03-30 13:01:53 +00:00
stats: Stats.get_stats(),
thumbnail: Web.base_url() <> "/instance/thumbnail.jpeg",
languages: ["en"],
registrations: Pleroma.Config.get([:instance, :registrations_open]),
# Extra (not present in Mastodon):
max_toot_chars: Keyword.get(instance, :limit),
poll_limits: Keyword.get(instance, :poll_limits)
}
2017-09-07 06:58:10 +00:00
json(conn, response)
end
2017-09-09 11:15:01 +00:00
def peers(conn, _params) do
2018-03-30 13:01:53 +00:00
json(conn, Stats.get_peers())
end
defp mastodonized_emoji do
Pleroma.Emoji.get_all()
2019-08-31 07:14:53 +00:00
|> Enum.map(fn {shortcode, %Pleroma.Emoji{file: relative_url, tags: tags}} ->
2018-03-30 13:01:53 +00:00
url = to_string(URI.merge(Web.base_url(), relative_url))
%{
"shortcode" => shortcode,
"static_url" => url,
"visible_in_picker" => true,
"url" => url,
"tags" => tags,
# Assuming that a comma is authorized in the category name
"category" => (tags -- ["Custom"]) |> Enum.join(",")
}
end)
end
def custom_emojis(conn, _params) do
mastodon_emoji = mastodonized_emoji()
2018-03-30 13:01:53 +00:00
json(conn, mastodon_emoji)
end
def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do
with %User{} = user <- User.get_cached_by_nickname_or_id(params["id"], for: reading_user) do
params =
params
|> Map.put("tag", params["tagged"])
2019-01-07 13:45:33 +00:00
activities = ActivityPub.fetch_user_activities(user, reading_user, params)
2017-09-10 15:46:43 +00:00
conn
|> add_link_headers(activities)
2018-12-16 16:49:42 +00:00
|> put_view(StatusView)
|> render("index.json", %{
activities: activities,
for: reading_user,
as: :activity
})
2017-09-10 15:46:43 +00:00
end
end
2019-05-21 17:40:35 +00:00
def get_poll(%{assigns: %{user: user}} = conn, %{"id" => id}) do
with %Object{} = object <- Object.get_by_id_and_maybe_refetch(id, interval: 60),
2019-05-21 17:40:35 +00:00
%Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
true <- Visibility.visible_for_user?(activity, user) do
conn
|> put_view(StatusView)
|> try_render("poll.json", %{object: object, for: user})
else
error when is_nil(error) or error == false ->
render_error(conn, :not_found, "Record not found")
2019-05-21 17:40:35 +00:00
end
end
defp get_cached_vote_or_vote(user, object, choices) do
idempotency_key = "polls:#{user.id}:#{object.data["id"]}"
{_, res} =
Cachex.fetch(:idempotency_cache, idempotency_key, fn _ ->
case CommonAPI.vote(user, object, choices) do
{:error, _message} = res -> {:ignore, res}
res -> {:commit, res}
end
end)
res
end
def poll_vote(%{assigns: %{user: user}} = conn, %{"id" => id, "choices" => choices}) do
with %Object{} = object <- Object.get_by_id(id),
true <- object.data["type"] == "Question",
%Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
true <- Visibility.visible_for_user?(activity, user),
{:ok, _activities, object} <- get_cached_vote_or_vote(user, object, choices) do
conn
|> put_view(StatusView)
|> try_render("poll.json", %{object: object, for: user})
else
nil ->
render_error(conn, :not_found, "Record not found")
false ->
render_error(conn, :not_found, "Record not found")
{:error, message} ->
conn
|> put_status(:unprocessable_entity)
|> json(%{error: message})
end
end
2019-03-28 09:39:10 +00:00
def scheduled_statuses(%{assigns: %{user: user}} = conn, params) do
with scheduled_activities <- MastodonAPI.get_scheduled_activities(user, params) do
conn
|> add_link_headers(scheduled_activities)
2019-03-28 09:39:10 +00:00
|> put_view(ScheduledActivityView)
|> render("index.json", %{scheduled_activities: scheduled_activities})
end
end
def show_scheduled_status(%{assigns: %{user: user}} = conn, %{"id" => scheduled_activity_id}) do
with %ScheduledActivity{} = scheduled_activity <-
ScheduledActivity.get(user, scheduled_activity_id) do
conn
|> put_view(ScheduledActivityView)
|> render("show.json", %{scheduled_activity: scheduled_activity})
else
_ -> {:error, :not_found}
end
end
def update_scheduled_status(
%{assigns: %{user: user}} = conn,
%{"id" => scheduled_activity_id} = params
) do
with %ScheduledActivity{} = scheduled_activity <-
ScheduledActivity.get(user, scheduled_activity_id),
{:ok, scheduled_activity} <- ScheduledActivity.update(scheduled_activity, params) do
2019-03-28 09:39:10 +00:00
conn
|> put_view(ScheduledActivityView)
|> render("show.json", %{scheduled_activity: scheduled_activity})
else
nil -> {:error, :not_found}
error -> error
2019-03-28 09:39:10 +00:00
end
end
def delete_scheduled_status(%{assigns: %{user: user}} = conn, %{"id" => scheduled_activity_id}) do
with %ScheduledActivity{} = scheduled_activity <-
ScheduledActivity.get(user, scheduled_activity_id),
{:ok, scheduled_activity} <- ScheduledActivity.delete(scheduled_activity) do
2019-03-28 09:39:10 +00:00
conn
|> put_view(ScheduledActivityView)
|> render("show.json", %{scheduled_activity: scheduled_activity})
else
nil -> {:error, :not_found}
error -> error
2019-03-28 09:39:10 +00:00
end
end
2017-09-13 13:55:10 +00:00
def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
id = List.wrap(id)
2018-03-30 13:01:53 +00:00
q = from(u in User, where: u.id in ^id)
2017-09-13 13:55:10 +00:00
targets = Repo.all(q)
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationships.json", %{user: user, targets: targets})
2017-09-13 13:55:10 +00:00
end
# Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
2018-12-09 09:12:48 +00:00
def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
def update_media(%{assigns: %{user: user}} = conn, data) do
with %Object{} = object <- Repo.get(Object, data["id"]),
true <- Object.authorize_mutation(object, user),
true <- is_binary(data["description"]),
description <- data["description"] do
new_data = %{object.data | "name" => description}
{:ok, _} =
object
|> Object.change(%{data: new_data})
|> Repo.update()
2017-09-14 06:08:32 +00:00
attachment_data = Map.put(new_data, "id", object.id)
2018-12-16 16:49:42 +00:00
conn
|> put_view(StatusView)
|> render("attachment.json", %{attachment: attachment_data})
2017-09-14 06:08:32 +00:00
end
end
def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
with {:ok, object} <-
2019-01-27 12:39:20 +00:00
ActivityPub.upload(
file,
actor: User.ap_id(user),
description: Map.get(data, "description")
) do
attachment_data = Map.put(object.data, "id", object.id)
2018-12-16 16:49:42 +00:00
conn
|> put_view(StatusView)
|> render("attachment.json", %{attachment: attachment_data})
end
end
def set_mascot(%{assigns: %{user: user}} = conn, %{"file" => file}) do
with {:ok, object} <- ActivityPub.upload(file, actor: User.ap_id(user)),
%{} = attachment_data <- Map.put(object.data, "id", object.id),
# Reject if not an image
%{type: "image"} = rendered <-
StatusView.render("attachment.json", %{attachment: attachment_data}) do
# Sure!
# Save to the user's info
{:ok, _user} = User.update_info(user, &User.Info.mascot_update(&1, rendered))
json(conn, rendered)
else
%{type: _} -> render_error(conn, :unsupported_media_type, "mascots can only be images")
end
end
def get_mascot(%{assigns: %{user: user}} = conn, _params) do
mascot = User.get_mascot(user)
conn
|> json(mascot)
end
2019-03-11 18:03:30 +00:00
def followers(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do
2019-04-22 07:20:43 +00:00
with %User{} = user <- User.get_cached_by_id(id),
2019-03-11 18:03:30 +00:00
followers <- MastodonAPI.get_followers(user, params) do
followers =
cond do
for_user && user.id == for_user.id -> followers
user.info.hide_followers -> []
true -> followers
end
2018-12-16 16:49:42 +00:00
conn
|> add_link_headers(followers)
2018-12-16 16:49:42 +00:00
|> put_view(AccountView)
|> render("accounts.json", %{for: for_user, users: followers, as: :user})
2017-09-14 16:30:05 +00:00
end
end
2019-03-11 18:03:30 +00:00
def following(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do
2019-04-22 07:20:43 +00:00
with %User{} = user <- User.get_cached_by_id(id),
2019-03-11 18:03:30 +00:00
followers <- MastodonAPI.get_friends(user, params) do
followers =
cond do
for_user && user.id == for_user.id -> followers
user.info.hide_follows -> []
true -> followers
end
2018-12-16 16:49:42 +00:00
conn
|> add_link_headers(followers)
2018-12-16 16:49:42 +00:00
|> put_view(AccountView)
|> render("accounts.json", %{for: for_user, users: followers, as: :user})
2017-09-14 16:30:05 +00:00
end
end
2018-05-26 16:03:32 +00:00
def follow_requests(%{assigns: %{user: followed}} = conn, _params) do
2019-09-24 07:16:52 +00:00
follow_requests = User.get_follow_requests(followed)
conn
|> put_view(AccountView)
|> render("accounts.json", %{for: followed, users: follow_requests, as: :user})
2018-05-26 16:03:32 +00:00
end
2018-05-26 16:16:20 +00:00
def authorize_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
2019-04-22 07:20:43 +00:00
with %User{} = follower <- User.get_cached_by_id(id),
{:ok, follower} <- CommonAPI.accept_follow_request(follower, followed) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: followed, target: follower})
2018-05-26 16:16:20 +00:00
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
2018-05-26 16:16:20 +00:00
end
end
2018-05-26 18:03:23 +00:00
def reject_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
2019-04-22 07:20:43 +00:00
with %User{} = follower <- User.get_cached_by_id(id),
{:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: followed, target: follower})
2018-05-26 18:03:23 +00:00
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
2018-05-26 18:03:23 +00:00
end
end
2018-05-26 16:16:20 +00:00
2017-10-28 21:07:38 +00:00
def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
2019-04-15 09:37:49 +00:00
with {_, %User{} = followed} <- {:followed, User.get_cached_by_id(id)},
{_, true} <- {:followed, follower.id != followed.id},
{:ok, follower} <- MastodonAPI.follow(follower, followed, conn.params) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: follower, target: followed})
2017-10-25 18:02:42 +00:00
else
{:followed, _} ->
{:error, :not_found}
2017-11-19 01:22:07 +00:00
{:error, message} ->
2017-10-25 18:25:37 +00:00
conn
|> put_status(:forbidden)
|> json(%{error: message})
2017-09-14 16:30:05 +00:00
end
end
def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do
2019-04-15 09:37:49 +00:00
with {_, %User{} = followed} <- {:followed, User.get_cached_by_nickname(uri)},
{_, true} <- {:followed, follower.id != followed.id},
{:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("account.json", %{user: followed, for: follower})
2017-10-28 21:07:38 +00:00
else
{:followed, _} ->
{:error, :not_found}
2017-11-19 01:22:07 +00:00
{:error, message} ->
2017-10-28 21:07:38 +00:00
conn
|> put_status(:forbidden)
|> json(%{error: message})
2017-10-28 21:07:38 +00:00
end
end
2017-09-14 16:30:05 +00:00
def unfollow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
2019-04-15 09:37:49 +00:00
with {_, %User{} = followed} <- {:followed, User.get_cached_by_id(id)},
{_, true} <- {:followed, follower.id != followed.id},
{:ok, follower} <- CommonAPI.unfollow(follower, followed) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: follower, target: followed})
else
{:followed, _} ->
{:error, :not_found}
error ->
error
2017-09-14 16:30:05 +00:00
end
end
2019-07-14 13:29:31 +00:00
def mute(%{assigns: %{user: muter}} = conn, %{"id" => id} = params) do
notifications =
if Map.has_key?(params, "notifications"),
do: params["notifications"] in [true, "True", "true", "1"],
else: true
2019-04-22 07:20:43 +00:00
with %User{} = muted <- User.get_cached_by_id(id),
2019-07-14 13:29:31 +00:00
{:ok, muter} <- User.mute(muter, muted, notifications) do
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: muter, target: muted})
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
end
end
def unmute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do
2019-04-22 07:20:43 +00:00
with %User{} = muted <- User.get_cached_by_id(id),
{:ok, muter} <- User.unmute(muter, muted) do
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: muter, target: muted})
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
end
end
def mutes(%{assigns: %{user: user}} = conn, _) do
with muted_accounts <- User.muted_users(user) do
res = AccountView.render("accounts.json", users: muted_accounts, for: user, as: :user)
json(conn, res)
end
end
2017-11-03 07:38:05 +00:00
def block(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
2019-04-22 07:20:43 +00:00
with %User{} = blocked <- User.get_cached_by_id(id),
{:ok, blocker} <- User.block(blocker, blocked),
{:ok, _activity} <- ActivityPub.block(blocker, blocked) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: blocker, target: blocked})
2017-11-03 07:38:05 +00:00
else
2017-11-19 01:22:07 +00:00
{:error, message} ->
2017-11-03 07:38:05 +00:00
conn
|> put_status(:forbidden)
|> json(%{error: message})
2017-11-03 07:38:05 +00:00
end
end
def unblock(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
2019-04-22 07:20:43 +00:00
with %User{} = blocked <- User.get_cached_by_id(id),
{:ok, blocker} <- User.unblock(blocker, blocked),
{:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: blocker, target: blocked})
2017-11-03 07:38:05 +00:00
else
2017-11-19 01:22:07 +00:00
{:error, message} ->
2017-11-03 07:38:05 +00:00
conn
|> put_status(:forbidden)
|> json(%{error: message})
2017-11-03 07:38:05 +00:00
end
end
2017-11-03 07:51:17 +00:00
def blocks(%{assigns: %{user: user}} = conn, _) do
with blocked_accounts <- User.blocked_users(user) do
res = AccountView.render("accounts.json", users: blocked_accounts, for: user, as: :user)
2017-11-03 07:51:17 +00:00
json(conn, res)
end
end
2018-06-03 19:21:23 +00:00
def domain_blocks(%{assigns: %{user: %{info: info}}} = conn, _) do
2018-11-20 19:12:39 +00:00
json(conn, info.domain_blocks || [])
2018-06-03 19:21:23 +00:00
end
def block_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
User.block_domain(blocker, domain)
json(conn, %{})
end
def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
User.unblock_domain(blocker, domain)
json(conn, %{})
end
def subscribe(%{assigns: %{user: user}} = conn, %{"id" => id}) do
with %User{} = subscription_target <- User.get_cached_by_id(id),
{:ok, subscription_target} = User.subscribe(user, subscription_target) do
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: user, target: subscription_target})
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
end
end
def unsubscribe(%{assigns: %{user: user}} = conn, %{"id" => id}) do
with %User{} = subscription_target <- User.get_cached_by_id(id),
{:ok, subscription_target} = User.unsubscribe(user, subscription_target) do
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: user, target: subscription_target})
else
{:error, message} ->
conn
|> put_status(:forbidden)
|> json(%{error: message})
end
end
def favourites(%{assigns: %{user: user}} = conn, params) do
2018-03-30 13:01:53 +00:00
params =
params
2018-03-30 13:01:53 +00:00
|> Map.put("type", "Create")
|> Map.put("favorited_by", user.ap_id)
|> Map.put("blocking_user", user)
2018-03-30 13:01:53 +00:00
activities =
ActivityPub.fetch_activities([], params)
2018-03-30 13:01:53 +00:00
|> Enum.reverse()
conn
|> add_link_headers(activities)
2018-12-16 16:49:42 +00:00
|> put_view(StatusView)
|> render("index.json", %{activities: activities, for: user, as: :activity})
end
def user_favourites(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do
with %User{} = user <- User.get_by_id(id),
false <- user.info.hide_favorites do
params =
params
|> Map.put("type", "Create")
|> Map.put("favorited_by", user.ap_id)
|> Map.put("blocking_user", for_user)
recipients =
if for_user do
[Pleroma.Constants.as_public()] ++ [for_user.ap_id | for_user.following]
else
[Pleroma.Constants.as_public()]
end
activities =
recipients
|> ActivityPub.fetch_activities(params)
|> Enum.reverse()
conn
|> add_link_headers(activities)
|> put_view(StatusView)
|> render("index.json", %{activities: activities, for: for_user, as: :activity})
else
nil -> {:error, :not_found}
true -> render_error(conn, :forbidden, "Can't get favorites")
end
end
2019-04-14 12:45:56 +00:00
def bookmarks(%{assigns: %{user: user}} = conn, params) do
2019-04-22 07:20:43 +00:00
user = User.get_cached_by_id(user.id)
2019-04-14 12:45:56 +00:00
bookmarks =
Bookmark.for_user_query(user.id)
|> Pagination.fetch_paginated(params)
2018-09-19 00:04:56 +00:00
activities =
2019-04-14 12:45:56 +00:00
bookmarks
|> Enum.map(fn b -> Map.put(b.activity, :bookmark, Map.delete(b, :activity)) end)
2018-09-19 00:04:56 +00:00
conn
|> add_link_headers(bookmarks)
2018-09-19 00:04:56 +00:00
|> put_view(StatusView)
|> render("index.json", %{activities: activities, for: user, as: :activity})
end
def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do
lists = Pleroma.List.get_lists_account_belongs(user, account_id)
res = ListView.render("lists.json", lists: lists)
json(conn, res)
end
2017-11-12 13:23:05 +00:00
def index(%{assigns: %{user: user}} = conn, _params) do
token = get_session(conn, :oauth_token)
2017-11-12 13:23:05 +00:00
if user && token do
mastodon_emoji = mastodonized_emoji()
2018-09-22 02:48:42 +00:00
2019-02-03 17:44:18 +00:00
limit = Config.get([:instance, :limit])
2018-09-22 02:48:42 +00:00
accounts =
Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
2018-03-30 13:01:53 +00:00
initial_state =
%{
meta: %{
streaming_api_base_url: Pleroma.Web.Endpoint.websocket_url(),
2018-03-30 13:01:53 +00:00
access_token: token,
locale: "en",
domain: Pleroma.Web.Endpoint.host(),
admin: "1",
me: "#{user.id}",
unfollow_modal: false,
boost_modal: false,
delete_modal: true,
auto_play_gif: false,
2018-06-04 15:44:08 +00:00
display_sensitive_media: false,
reduce_motion: false,
max_toot_chars: limit,
mascot: User.get_mascot(user)["url"]
2017-11-12 13:23:05 +00:00
},
poll_limits: Config.get([:instance, :poll_limits]),
rights: %{
2019-02-03 17:44:18 +00:00
delete_others_notice: present?(user.info.is_moderator),
admin: present?(user.info.is_admin)
},
2018-03-30 13:01:53 +00:00
compose: %{
me: "#{user.id}",
2018-11-20 19:12:39 +00:00
default_privacy: user.info.default_scope,
default_sensitive: false,
allow_content_types: Config.get([:instance, :allowed_post_formats])
2018-03-30 13:01:53 +00:00
},
media_attachments: %{
accept_content_types: [
".jpg",
".jpeg",
".png",
".gif",
".webm",
".mp4",
".m4v",
"image\/jpeg",
"image\/png",
"image\/gif",
"video\/webm",
"video\/mp4"
]
},
2018-04-10 16:38:52 +00:00
settings:
user.info.settings ||
2018-04-10 16:38:52 +00:00
%{
onboarded: true,
home: %{
shows: %{
reblog: true,
reply: true
}
},
notifications: %{
alerts: %{
follow: true,
favourite: true,
reblog: true,
mention: true
},
shows: %{
follow: true,
favourite: true,
reblog: true,
mention: true
},
sounds: %{
follow: true,
favourite: true,
reblog: true,
mention: true
}
}
2018-03-30 13:01:53 +00:00
},
push_subscription: nil,
accounts: accounts,
custom_emojis: mastodon_emoji,
char_limit: limit
2018-03-30 13:01:53 +00:00
}
|> Jason.encode!()
2017-11-12 13:23:05 +00:00
conn
|> put_layout(false)
2018-12-16 16:49:42 +00:00
|> put_view(MastodonView)
2019-05-31 23:42:46 +00:00
|> render("index.html", %{initial_state: initial_state})
2017-11-12 13:23:05 +00:00
else
conn
|> put_session(:return_to, conn.request_path)
2017-11-12 13:23:05 +00:00
|> redirect(to: "/web/login")
end
end
def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
2019-09-24 07:49:02 +00:00
with {:ok, _} <- User.update_info(user, &User.Info.mastodon_settings_update(&1, settings)) do
2018-12-09 09:12:48 +00:00
json(conn, %{})
2018-04-10 16:38:52 +00:00
else
e ->
conn
|> put_status(:internal_server_error)
|> json(%{error: inspect(e)})
end
end
def login(%{assigns: %{user: %User{}}} = conn, _params) do
redirect(conn, to: local_mastodon_root_path(conn))
end
@doc "Local Mastodon FE login init action"
def login(conn, %{"code" => auth_token}) do
with {:ok, app} <- get_or_make_app(),
%Authorization{} = auth <- Repo.get_by(Authorization, token: auth_token, app_id: app.id),
{:ok, token} <- Token.exchange_token(app, auth) do
conn
|> put_session(:oauth_token, token.token)
|> redirect(to: local_mastodon_root_path(conn))
end
end
@doc "Local Mastodon FE callback action"
2017-11-19 01:22:07 +00:00
def login(conn, _) do
with {:ok, app} <- get_or_make_app() do
path =
2019-01-27 12:39:20 +00:00
o_auth_path(
conn,
:authorize,
response_type: "code",
client_id: app.client_id,
redirect_uri: ".",
scope: Enum.join(app.scopes, " ")
)
redirect(conn, to: path)
end
2017-11-12 13:23:05 +00:00
end
defp local_mastodon_root_path(conn) do
case get_session(conn, :return_to) do
nil ->
mastodon_api_path(conn, :index, ["getting-started"])
return_to ->
delete_session(conn, :return_to)
return_to
end
2017-11-12 13:23:05 +00:00
end
defp get_or_make_app do
find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."}
scopes = ["read", "write", "follow", "push"]
with %App{} = app <- Repo.get_by(App, find_attrs) do
{:ok, app} =
if app.scopes == scopes do
{:ok, app}
else
app
|> Changeset.change(%{scopes: scopes})
|> Repo.update()
end
2017-11-12 13:23:05 +00:00
{:ok, app}
else
_e ->
cs =
App.register_changeset(
%App{},
Map.put(find_attrs, :scopes, scopes)
)
2018-03-30 13:01:53 +00:00
2017-11-12 13:23:05 +00:00
Repo.insert(cs)
end
end
2017-11-19 12:23:16 +00:00
def logout(conn, _) do
conn
|> clear_session
|> redirect(to: "/")
end
2017-09-14 16:30:05 +00:00
def relationship_noop(%{assigns: %{user: user}} = conn, %{"id" => id}) do
Logger.debug("Unimplemented, returning unmodified relationship")
2018-03-30 13:01:53 +00:00
2019-04-22 07:20:43 +00:00
with %User{} = target <- User.get_cached_by_id(id) do
2018-12-16 16:49:42 +00:00
conn
|> put_view(AccountView)
|> render("relationship.json", %{user: user, target: target})
2017-09-14 16:30:05 +00:00
end
end
def empty_array(conn, _) do
Logger.debug("Unimplemented, returning an empty array")
json(conn, [])
end
def empty_object(conn, _) do
Logger.debug("Unimplemented, returning an empty object")
json(conn, %{})
end
def get_filters(%{assigns: %{user: user}} = conn, _) do
2019-02-03 17:44:18 +00:00
filters = Filter.get_filters(user)
2018-08-14 02:27:28 +00:00
res = FilterView.render("filters.json", filters: filters)
json(conn, res)
end
def create_filter(
%{assigns: %{user: user}} = conn,
%{"phrase" => phrase, "context" => context} = params
) do
2019-02-03 17:44:18 +00:00
query = %Filter{
2018-08-14 02:27:28 +00:00
user_id: user.id,
phrase: phrase,
context: context,
hide: Map.get(params, "irreversible", false),
2018-08-14 02:27:28 +00:00
whole_word: Map.get(params, "boolean", true)
# expires_at
}
2019-02-03 17:44:18 +00:00
{:ok, response} = Filter.create(query)
2018-08-14 02:27:28 +00:00
res = FilterView.render("filter.json", filter: response)
json(conn, res)
end
def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do
2019-02-03 17:44:18 +00:00
filter = Filter.get(filter_id, user)
2018-08-14 02:27:28 +00:00
res = FilterView.render("filter.json", filter: filter)
json(conn, res)
end
def update_filter(
%{assigns: %{user: user}} = conn,
%{"phrase" => phrase, "context" => context, "id" => filter_id} = params
) do
2019-02-03 17:44:18 +00:00
query = %Filter{
2018-08-14 02:27:28 +00:00
user_id: user.id,
filter_id: filter_id,
phrase: phrase,
context: context,
hide: Map.get(params, "irreversible", nil),
whole_word: Map.get(params, "boolean", true)
# expires_at
}
2019-02-03 17:44:18 +00:00
{:ok, response} = Filter.update(query)
2018-08-14 02:27:28 +00:00
res = FilterView.render("filter.json", filter: response)
json(conn, res)
end
def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do
2019-02-03 17:44:18 +00:00
query = %Filter{
2018-08-14 02:27:28 +00:00
user_id: user.id,
filter_id: filter_id
}
2019-02-03 17:44:18 +00:00
{:ok, _} = Filter.delete(query)
2018-08-14 02:27:28 +00:00
json(conn, %{})
end
2018-07-13 15:44:18 +00:00
def suggestions(%{assigns: %{user: user}} = conn, _) do
2019-02-03 17:44:18 +00:00
suggestions = Config.get(:suggestions)
if Keyword.get(suggestions, :enabled, false) do
api = Keyword.get(suggestions, :third_party_engine, "")
timeout = Keyword.get(suggestions, :timeout, 5000)
limit = Keyword.get(suggestions, :limit, 23)
2018-07-17 07:45:18 +00:00
2019-02-03 17:44:18 +00:00
host = Config.get([Pleroma.Web.Endpoint, :url, :host])
2018-07-17 07:45:18 +00:00
user = user.nickname
2019-02-03 17:44:18 +00:00
url =
api
|> String.replace("{{host}}", host)
|> String.replace("{{user}}", user)
2018-07-17 07:45:18 +00:00
2018-12-02 14:08:36 +00:00
with {:ok, %{status: 200, body: body}} <-
HTTP.get(url, [], adapter: [recv_timeout: timeout, pool: :default]),
2018-07-17 07:45:18 +00:00
{:ok, data} <- Jason.decode(body) do
2019-02-03 17:44:18 +00:00
data =
data
|> Enum.slice(0, limit)
2018-07-17 07:45:18 +00:00
|> Enum.map(fn x ->
x
|> Map.put("id", fetch_suggestion_id(x))
|> Map.put("avatar", MediaProxy.url(x["avatar"]))
|> Map.put("avatar_static", MediaProxy.url(x["avatar_static"]))
2018-08-28 08:01:17 +00:00
end)
2018-07-15 11:36:26 +00:00
json(conn, data)
2018-07-17 07:45:18 +00:00
else
e ->
Logger.error("Could not retrieve suggestions at fetch #{url}, #{inspect(e)}")
2018-07-17 07:45:18 +00:00
end
else
2018-07-17 07:45:18 +00:00
json(conn, [])
end
end
defp fetch_suggestion_id(attrs) do
case User.get_or_fetch(attrs["acct"]) do
{:ok, %User{id: id}} -> id
_ -> 0
end
2018-07-13 15:21:38 +00:00
end
2019-02-20 16:51:25 +00:00
def reports(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.report(user, params) do
{:ok, activity} ->
conn
|> put_view(ReportView)
|> try_render("report.json", %{activity: activity})
{:error, err} ->
conn
|> put_status(:bad_request)
|> json(%{error: err})
end
end
def account_register(
%{assigns: %{app: app}} = conn,
%{"username" => nickname, "email" => _, "password" => _, "agreement" => true} = params
) do
params =
params
|> Map.take([
"email",
"captcha_solution",
"captcha_token",
"captcha_answer_data",
"token",
"password"
])
|> Map.put("nickname", nickname)
|> Map.put("fullname", params["fullname"] || nickname)
|> Map.put("bio", params["bio"] || "")
|> Map.put("confirm", params["password"])
with {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
{:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
json(conn, %{
token_type: "Bearer",
access_token: token.token,
scope: app.scopes,
created_at: Token.Utils.format_created_at(token)
})
else
{:error, errors} ->
conn
|> put_status(:bad_request)
|> json(errors)
end
end
def account_register(%{assigns: %{app: _app}} = conn, _params) do
render_error(conn, :bad_request, "Missing parameters")
end
def account_register(conn, _) do
render_error(conn, :forbidden, "Invalid credentials")
end
2019-04-10 15:48:31 +00:00
def conversations(%{assigns: %{user: user}} = conn, params) do
participations = Participation.for_user_with_last_activity_id(user, params)
conversations =
Enum.map(participations, fn participation ->
ConversationView.render("participation.json", %{participation: participation, for: user})
2019-04-10 15:48:31 +00:00
end)
conn
|> add_link_headers(participations)
2019-04-10 15:48:31 +00:00
|> json(conversations)
end
def conversation_read(%{assigns: %{user: user}} = conn, %{"id" => participation_id}) do
with %Participation{} = participation <-
Repo.get_by(Participation, id: participation_id, user_id: user.id),
{:ok, participation} <- Participation.mark_as_read(participation) do
participation_view =
ConversationView.render("participation.json", %{participation: participation, for: user})
2019-04-10 15:48:31 +00:00
conn
|> json(participation_view)
2019-04-10 15:48:31 +00:00
end
end
def password_reset(conn, params) do
nickname_or_email = params["email"] || params["nickname"]
with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
conn
|> put_status(:no_content)
|> json("")
else
{:error, "unknown user"} ->
send_resp(conn, :not_found, "")
{:error, _} ->
send_resp(conn, :bad_request, "")
end
end
def account_confirmation_resend(conn, params) do
nickname_or_email = params["email"] || params["nickname"]
with %User{} = user <- User.get_by_nickname_or_email(nickname_or_email),
{:ok, _} <- User.try_send_confirmation_email(user) do
conn
|> json_response(:no_content, "")
end
end
2018-12-16 16:49:42 +00:00
def try_render(conn, target, params)
when is_binary(target) do
case render(conn, target, params) do
nil -> render_error(conn, :not_implemented, "Can't display this activity")
res -> res
end
end
2018-12-16 16:49:42 +00:00
def try_render(conn, _, _) do
render_error(conn, :not_implemented, "Can't display this activity")
end
2019-02-03 17:44:18 +00:00
defp present?(nil), do: false
defp present?(false), do: false
defp present?(_), do: true
end