mirror of
https://akkoma.dev/AkkomaGang/akkoma.git
synced 2024-12-30 20:27:22 +00:00
b73a1a33de
Make captcha (kocaptcha) stateless See merge request pleroma/pleroma!585
331 lines
9.5 KiB
Elixir
331 lines
9.5 KiB
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
|
alias Pleroma.{UserInviteToken, User, Activity, Repo, Object}
|
|
alias Pleroma.{UserEmail, Mailer}
|
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
|
alias Pleroma.Web.TwitterAPI.UserView
|
|
alias Pleroma.Web.CommonAPI
|
|
|
|
import Ecto.Query
|
|
|
|
def create_status(%User{} = user, %{"status" => _} = data) do
|
|
CommonAPI.post(user, data)
|
|
end
|
|
|
|
def delete(%User{} = user, id) do
|
|
with %Activity{data: %{"type" => _type}} <- Repo.get(Activity, id),
|
|
{:ok, activity} <- CommonAPI.delete(id, user) do
|
|
{:ok, activity}
|
|
end
|
|
end
|
|
|
|
def follow(%User{} = follower, params) do
|
|
with {:ok, %User{} = followed} <- get_user(params),
|
|
{:ok, follower} <- User.maybe_direct_follow(follower, followed),
|
|
{:ok, activity} <- ActivityPub.follow(follower, followed),
|
|
{:ok, follower, followed} <-
|
|
User.wait_and_refresh(
|
|
Pleroma.Config.get([:activitypub, :follow_handshake_timeout]),
|
|
follower,
|
|
followed
|
|
) do
|
|
{:ok, follower, followed, activity}
|
|
else
|
|
err -> err
|
|
end
|
|
end
|
|
|
|
def unfollow(%User{} = follower, params) do
|
|
with {:ok, %User{} = unfollowed} <- get_user(params),
|
|
{:ok, follower, _follow_activity} <- User.unfollow(follower, unfollowed),
|
|
{:ok, _activity} <- ActivityPub.unfollow(follower, unfollowed) do
|
|
{:ok, follower, unfollowed}
|
|
else
|
|
err -> err
|
|
end
|
|
end
|
|
|
|
def block(%User{} = blocker, params) do
|
|
with {:ok, %User{} = blocked} <- get_user(params),
|
|
{:ok, blocker} <- User.block(blocker, blocked),
|
|
{:ok, _activity} <- ActivityPub.block(blocker, blocked) do
|
|
{:ok, blocker, blocked}
|
|
else
|
|
err -> err
|
|
end
|
|
end
|
|
|
|
def unblock(%User{} = blocker, params) do
|
|
with {:ok, %User{} = blocked} <- get_user(params),
|
|
{:ok, blocker} <- User.unblock(blocker, blocked),
|
|
{:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
|
|
{:ok, blocker, blocked}
|
|
else
|
|
err -> err
|
|
end
|
|
end
|
|
|
|
def repeat(%User{} = user, ap_id_or_id) do
|
|
with {:ok, _announce, %{data: %{"id" => id}}} <- CommonAPI.repeat(ap_id_or_id, user),
|
|
%Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do
|
|
{:ok, activity}
|
|
end
|
|
end
|
|
|
|
def unrepeat(%User{} = user, ap_id_or_id) do
|
|
with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
|
|
%Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do
|
|
{:ok, activity}
|
|
end
|
|
end
|
|
|
|
def fav(%User{} = user, ap_id_or_id) do
|
|
with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user),
|
|
%Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do
|
|
{:ok, activity}
|
|
end
|
|
end
|
|
|
|
def unfav(%User{} = user, ap_id_or_id) do
|
|
with {:ok, _unfav, _fav, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user),
|
|
%Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id) do
|
|
{:ok, activity}
|
|
end
|
|
end
|
|
|
|
def upload(%Plug.Upload{} = file, %User{} = user, format \\ "xml") do
|
|
{:ok, object} = ActivityPub.upload(file, actor: User.ap_id(user))
|
|
|
|
url = List.first(object.data["url"])
|
|
href = url["href"]
|
|
type = url["mediaType"]
|
|
|
|
case format do
|
|
"xml" ->
|
|
# Fake this as good as possible...
|
|
"""
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<rsp stat="ok" xmlns:atom="http://www.w3.org/2005/Atom">
|
|
<mediaid>#{object.id}</mediaid>
|
|
<media_id>#{object.id}</media_id>
|
|
<media_id_string>#{object.id}</media_id_string>
|
|
<media_url>#{href}</media_url>
|
|
<mediaurl>#{href}</mediaurl>
|
|
<atom:link rel="enclosure" href="#{href}" type="#{type}"></atom:link>
|
|
</rsp>
|
|
"""
|
|
|
|
"json" ->
|
|
%{
|
|
media_id: object.id,
|
|
media_id_string: "#{object.id}}",
|
|
media_url: href,
|
|
size: 0
|
|
}
|
|
|> Jason.encode!()
|
|
end
|
|
end
|
|
|
|
def register_user(params) do
|
|
tokenString = params["token"]
|
|
|
|
params = %{
|
|
nickname: params["nickname"],
|
|
name: params["fullname"],
|
|
bio: User.parse_bio(params["bio"]),
|
|
email: params["email"],
|
|
password: params["password"],
|
|
password_confirmation: params["confirm"],
|
|
captcha_solution: params["captcha_solution"],
|
|
captcha_token: params["captcha_token"],
|
|
captcha_answer_data: params["captcha_answer_data"]
|
|
}
|
|
|
|
captcha_enabled = Pleroma.Config.get([Pleroma.Captcha, :enabled])
|
|
# true if captcha is disabled or enabled and valid, false otherwise
|
|
captcha_ok =
|
|
if !captcha_enabled do
|
|
:ok
|
|
else
|
|
Pleroma.Captcha.validate(
|
|
params[:captcha_token],
|
|
params[:captcha_solution],
|
|
params[:captcha_answer_data]
|
|
)
|
|
end
|
|
|
|
# Captcha invalid
|
|
if captcha_ok != :ok do
|
|
{:error, error} = captcha_ok
|
|
# I have no idea how this error handling works
|
|
{:error, %{error: Jason.encode!(%{captcha: [error]})}}
|
|
else
|
|
registrations_open = Pleroma.Config.get([:instance, :registrations_open])
|
|
|
|
# no need to query DB if registration is open
|
|
token =
|
|
unless registrations_open || is_nil(tokenString) do
|
|
Repo.get_by(UserInviteToken, %{token: tokenString})
|
|
end
|
|
|
|
cond do
|
|
registrations_open || (!is_nil(token) && !token.used) ->
|
|
changeset = User.register_changeset(%User{}, params)
|
|
|
|
with {:ok, user} <- User.register(changeset) do
|
|
!registrations_open && UserInviteToken.mark_as_used(token.token)
|
|
|
|
{:ok, user}
|
|
else
|
|
{:error, changeset} ->
|
|
errors =
|
|
Ecto.Changeset.traverse_errors(changeset, fn {msg, _opts} -> msg end)
|
|
|> Jason.encode!()
|
|
|
|
{:error, %{error: errors}}
|
|
end
|
|
|
|
!registrations_open && is_nil(token) ->
|
|
{:error, "Invalid token"}
|
|
|
|
!registrations_open && token.used ->
|
|
{:error, "Expired token"}
|
|
end
|
|
end
|
|
end
|
|
|
|
def password_reset(nickname_or_email) do
|
|
with true <- is_binary(nickname_or_email),
|
|
%User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email),
|
|
{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
|
|
user
|
|
|> UserEmail.password_reset_email(token_record.token)
|
|
|> Mailer.deliver()
|
|
else
|
|
false ->
|
|
{:error, "bad user identifier"}
|
|
|
|
%User{local: false} ->
|
|
{:error, "remote user"}
|
|
|
|
nil ->
|
|
{:error, "unknown user"}
|
|
end
|
|
end
|
|
|
|
def get_by_id_or_nickname(id_or_nickname) do
|
|
if !is_integer(id_or_nickname) && :error == Integer.parse(id_or_nickname) do
|
|
Repo.get_by(User, nickname: id_or_nickname)
|
|
else
|
|
Repo.get(User, id_or_nickname)
|
|
end
|
|
end
|
|
|
|
def get_user(user \\ nil, params) do
|
|
case params do
|
|
%{"user_id" => user_id} ->
|
|
case target = get_by_id_or_nickname(user_id) do
|
|
nil ->
|
|
{:error, "No user with such user_id"}
|
|
|
|
_ ->
|
|
{:ok, target}
|
|
end
|
|
|
|
%{"screen_name" => nickname} ->
|
|
case target = Repo.get_by(User, nickname: nickname) do
|
|
nil ->
|
|
{:error, "No user with such screen_name"}
|
|
|
|
_ ->
|
|
{:ok, target}
|
|
end
|
|
|
|
_ ->
|
|
if user do
|
|
{:ok, user}
|
|
else
|
|
{:error, "You need to specify screen_name or user_id"}
|
|
end
|
|
end
|
|
end
|
|
|
|
defp parse_int(string, default)
|
|
|
|
defp parse_int(string, default) when is_binary(string) do
|
|
with {n, _} <- Integer.parse(string) do
|
|
n
|
|
else
|
|
_e -> default
|
|
end
|
|
end
|
|
|
|
defp parse_int(_, default), do: default
|
|
|
|
def search(_user, %{"q" => query} = params) do
|
|
limit = parse_int(params["rpp"], 20)
|
|
page = parse_int(params["page"], 1)
|
|
offset = (page - 1) * limit
|
|
|
|
q =
|
|
from(
|
|
a in Activity,
|
|
where: fragment("?->>'type' = 'Create'", a.data),
|
|
where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
|
|
where:
|
|
fragment(
|
|
"to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
|
|
a.data,
|
|
^query
|
|
),
|
|
limit: ^limit,
|
|
offset: ^offset,
|
|
# this one isn't indexed so psql won't take the wrong index.
|
|
order_by: [desc: :inserted_at]
|
|
)
|
|
|
|
_activities = Repo.all(q)
|
|
end
|
|
|
|
# DEPRECATED mostly, context objects are now created at insertion time.
|
|
def context_to_conversation_id(context) do
|
|
with %Object{id: id} <- Object.get_cached_by_ap_id(context) do
|
|
id
|
|
else
|
|
_e ->
|
|
changeset = Object.context_mapping(context)
|
|
|
|
case Repo.insert(changeset) do
|
|
{:ok, %{id: id}} ->
|
|
id
|
|
|
|
# This should be solved by an upsert, but it seems ecto
|
|
# has problems accessing the constraint inside the jsonb.
|
|
{:error, _} ->
|
|
Object.get_cached_by_ap_id(context).id
|
|
end
|
|
end
|
|
end
|
|
|
|
def conversation_id_to_context(id) do
|
|
with %Object{data: %{"id" => context}} <- Repo.get(Object, id) do
|
|
context
|
|
else
|
|
_e ->
|
|
{:error, "No such conversation"}
|
|
end
|
|
end
|
|
|
|
def get_external_profile(for_user, uri) do
|
|
with %User{} = user <- User.get_or_fetch(uri) do
|
|
{:ok, UserView.render("show.json", %{user: user, for: for_user})}
|
|
else
|
|
_e ->
|
|
{:error, "Couldn't find user"}
|
|
end
|
|
end
|
|
end
|