mastodon/config/routes.rb

243 lines
7.7 KiB
Ruby
Raw Normal View History

2016-11-28 12:36:47 +00:00
# frozen_string_literal: true
require 'sidekiq_unique_jobs/web' if ENV['ENABLE_SIDEKIQ_UNIQUE_JOBS_UI'] == true
2017-05-08 01:52:57 +00:00
require 'sidekiq-scheduler/web'
class RedirectWithVary < ActionDispatch::Routing::PathRedirect
def build_response(req)
super.tap do |response|
response.headers['Vary'] = 'Origin, Accept'
end
end
end
def redirect_with_vary(path)
RedirectWithVary.new(301, path)
end
2016-02-20 21:53:20 +00:00
Rails.application.routes.draw do
# Paths of routes on the web app that to not require to be indexed or
# have alternative format representations requiring separate controllers
web_app_paths = %w(
/getting-started
/keyboard-shortcuts
/home
/public
/public/local
/public/remote
/conversations
/lists/(*any)
/links/(*any)
/notifications/(*any)
/notifications_v2/(*any)
/favourites
/bookmarks
/pinned
/start/(*any)
/directory
/explore/(*any)
/search
/publish
/follow_requests
/blocks
/domain_blocks
/mutes
/followed_tags
/statuses/(*any)
/deck/(*any)
).freeze
root 'home#index'
2017-01-21 21:19:13 +00:00
mount LetterOpenerWeb::Engine, at: 'letter_opener' if Rails.env.development?
2016-08-18 13:49:51 +00:00
2021-04-03 00:39:04 +00:00
get 'health', to: 'health#show'
2023-12-15 14:34:24 +00:00
authenticate :user, ->(user) { user.role&.can?(:view_devops) } do
2016-12-13 12:42:10 +00:00
mount Sidekiq::Web, at: 'sidekiq', as: :sidekiq
mount PgHero::Engine, at: 'pghero', as: :pghero
end
use_doorkeeper do
controllers authorizations: 'oauth/authorizations',
authorized_applications: 'oauth/authorized_applications',
tokens: 'oauth/tokens'
end
2024-10-30 14:38:10 +00:00
namespace :oauth do
# As this is borrowed from OpenID, the specification says we must also support
# POST for the userinfo endpoint:
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
match 'userinfo', via: [:get, :post], to: 'userinfo#show', defaults: { format: 'json' }
end
scope path: '.well-known' do
scope module: :well_known do
get 'oauth-authorization-server', to: 'oauth_metadata#show', as: :oauth_metadata, defaults: { format: 'json' }
get 'host-meta', to: 'host_meta#show', as: :host_meta
get 'nodeinfo', to: 'node_info#index', as: :nodeinfo, defaults: { format: 'json' }
get 'webfinger', to: 'webfinger#show', as: :webfinger
end
get 'change-password', to: redirect('/auth/edit'), as: nil
get 'proxy', to: redirect { |_, request| "/authorize_interaction?#{request.params.to_query}" }, as: nil
end
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting
2019-03-18 20:00:55 +00:00
get '/nodeinfo/2.0', to: 'well_known/node_info#show', as: :nodeinfo_schema
get 'manifest', to: 'manifests#show', defaults: { format: 'json' }
get 'intent', to: 'intents#show'
get 'custom.css', to: 'custom_css#show', as: :custom_css
2016-02-22 15:00:20 +00:00
get 'remote_interaction_helper', to: 'remote_interaction_helper#index'
resource :instance_actor, path: 'actor', only: [:show] do
scope module: :activitypub do
resource :inbox, only: [:create]
resource :outbox, only: [:show]
end
end
get '/invite/:invite_code', constraints: ->(req) { req.format == :json }, to: 'api/v1/invites#show'
devise_scope :user do
get '/invite/:invite_code', to: 'auth/registrations#new', as: :public_invite
resource :unsubscribe, only: [:show, :create], controller: :mail_subscriptions
namespace :auth do
resource :setup, only: [:show, :update], controller: :setup
resource :challenge, only: [:create]
Add WebAuthn as an alternative 2FA method (#14466) * feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 14:46:27 +00:00
get 'sessions/security_key_options', to: 'sessions#webauthn_options'
2023-05-16 21:27:35 +00:00
post 'captcha_confirmation', to: 'confirmations#confirm_captcha', as: :captcha_confirmation
end
end
scope module: :auth do
devise_for :users, path: 'auth', format: false
end
2016-03-05 12:12:24 +00:00
with_options constraints: ->(req) { req.format.nil? || req.format.html? } do
get '/users/:username', to: redirect_with_vary('/@%{username}')
get '/users/:username/following', to: redirect_with_vary('/@%{username}/following')
get '/users/:username/followers', to: redirect_with_vary('/@%{username}/followers')
get '/users/:username/statuses/:id', to: redirect_with_vary('/@%{username}/%{id}')
end
get '/authorize_follow', to: redirect { |_, request| "/authorize_interaction?#{request.params.to_query}" }
2017-03-22 18:26:22 +00:00
resources :accounts, path: 'users', only: [:show], param: :username do
resources :statuses, only: [:show] do
member do
get :activity
get :embed
end
resources :replies, only: [:index], module: :activitypub
resources :likes, only: [:index], module: :activitypub
resources :shares, only: [:index], module: :activitypub
end
resources :followers, only: [:index], controller: :follower_accounts
resources :following, only: [:index], controller: :following_accounts
scope module: :activitypub do
resource :outbox, only: [:show]
resource :inbox, only: [:create]
resources :collections, only: [:show]
resource :followers_synchronization, only: [:show]
end
end
2016-02-22 15:00:20 +00:00
2017-08-30 22:02:59 +00:00
resource :inbox, only: [:create], module: :activitypub
constraints(encoded_path: /%40.*/) do
get '/:encoded_path', to: redirect { |params|
"/#{params[:encoded_path].gsub('%40', '@')}"
}
end
constraints(username: %r{[^@/.]+}) do
with_options to: 'accounts#show' do
get '/@:username', as: :short_account
get '/@:username/with_replies', as: :short_account_with_replies
get '/@:username/media', as: :short_account_media
get '/@:username/tagged/:tag', as: :short_account_tag
end
end
2017-03-22 18:26:22 +00:00
constraints(account_username: %r{[^@/.]+}) do
get '/@:account_username/following', to: 'following_accounts#index'
get '/@:account_username/followers', to: 'follower_accounts#index'
get '/@:account_username/:id', to: 'statuses#show', as: :short_account_status
get '/@:account_username/:id/embed', to: 'statuses#embed', as: :embed_short_account_status
end
get '/@:username_with_domain/(*any)', to: 'home#index', constraints: { username_with_domain: %r{([^/])+?} }, as: :account_with_domain, format: false
get '/settings', to: redirect('/settings/profile')
draw(:settings)
2016-10-14 00:28:49 +00:00
namespace :disputes do
resources :strikes, only: [:show, :index] do
resource :appeal, only: [:create]
end
end
namespace :redirect do
resources :accounts, only: :show
resources :statuses, only: :show
end
resources :media, only: [:show] do
get :player
end
resources :tags, only: [:show]
resources :emojis, only: [:show]
resources :invites, only: [:index, :create, :destroy]
resources :filters, except: [:show] do
resources :statuses, only: [:index], controller: 'filters/statuses' do
collection do
post :batch
end
end
end
2019-03-16 10:23:22 +00:00
resource :relationships, only: [:show, :update]
resources :severed_relationships, only: [:index] do
member do
constraints(format: :csv) do
get :followers
get :following
end
end
end
resource :statuses_cleanup, controller: :statuses_cleanup, only: [:show, :update]
get '/media_proxy/:id/(*any)', to: 'media_proxy#show', as: :media_proxy, format: false
get '/backups/:id/download', to: 'backups#download', as: :download_backup, format: false
resource :authorize_interaction, only: [:show]
2023-07-01 19:48:53 +00:00
resource :share, only: [:show]
draw(:admin)
2018-07-15 23:11:53 +00:00
get '/admin', to: redirect('/admin/dashboard', status: 302)
draw(:api)
2016-02-22 15:00:20 +00:00
web_app_paths.each do |path|
get path, to: 'home#index'
end
get '/web/(*any)', to: redirect('/%{any}', status: 302), as: :web, defaults: { any: '' }, format: false
2022-10-26 14:56:37 +00:00
get '/about', to: 'about#show'
get '/about/more', to: redirect('/about')
get '/privacy-policy', to: 'privacy#show', as: :privacy_policy
get '/terms', to: redirect('/privacy-policy')
match '/', via: [:post, :put, :patch, :delete], to: 'application#raise_not_found', format: false
match '*unmatched_route', via: :all, to: 'application#raise_not_found', format: false
2016-02-20 21:53:20 +00:00
end