2019-09-09 14:49:02 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2020-03-02 05:08:45 +00:00
|
|
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
2019-09-09 14:49:02 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.MastodonAPI.StatusController do
|
|
|
|
use Pleroma.Web, :controller
|
|
|
|
|
2020-04-01 16:49:09 +00:00
|
|
|
import Pleroma.Web.ControllerHelper,
|
|
|
|
only: [try_render: 3, add_link_headers: 2, skip_relationships?: 1]
|
2019-09-09 14:49:02 +00:00
|
|
|
|
|
|
|
require Ecto.Query
|
|
|
|
|
|
|
|
alias Pleroma.Activity
|
|
|
|
alias Pleroma.Bookmark
|
|
|
|
alias Pleroma.Object
|
2019-10-02 17:42:40 +00:00
|
|
|
alias Pleroma.Plugs.OAuthScopesPlug
|
2019-09-09 14:49:02 +00:00
|
|
|
alias Pleroma.Plugs.RateLimiter
|
|
|
|
alias Pleroma.Repo
|
|
|
|
alias Pleroma.ScheduledActivity
|
|
|
|
alias Pleroma.User
|
|
|
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
|
|
|
alias Pleroma.Web.ActivityPub.Visibility
|
|
|
|
alias Pleroma.Web.CommonAPI
|
|
|
|
alias Pleroma.Web.MastodonAPI.AccountView
|
|
|
|
alias Pleroma.Web.MastodonAPI.ScheduledActivityView
|
|
|
|
|
2019-10-02 17:42:40 +00:00
|
|
|
@unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
|
|
|
|
|
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{@unauthenticated_access | scopes: ["read:statuses"]}
|
|
|
|
when action in [
|
|
|
|
:index,
|
|
|
|
:show,
|
|
|
|
:card,
|
|
|
|
:context
|
|
|
|
]
|
|
|
|
)
|
|
|
|
|
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{scopes: ["write:statuses"]}
|
|
|
|
when action in [
|
|
|
|
:create,
|
|
|
|
:delete,
|
|
|
|
:reblog,
|
|
|
|
:unreblog
|
|
|
|
]
|
|
|
|
)
|
|
|
|
|
2019-10-06 14:12:17 +00:00
|
|
|
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
|
|
|
|
|
2019-10-02 17:42:40 +00:00
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite]
|
|
|
|
)
|
|
|
|
|
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{scopes: ["write:mutes"]} when action in [:mute_conversation, :unmute_conversation]
|
|
|
|
)
|
|
|
|
|
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{@unauthenticated_access | scopes: ["read:accounts"]}
|
|
|
|
when action in [:favourited_by, :reblogged_by]
|
|
|
|
)
|
|
|
|
|
|
|
|
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin])
|
|
|
|
|
2019-10-06 14:12:17 +00:00
|
|
|
# Note: scope not present in Mastodon: read:bookmarks
|
|
|
|
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
|
|
|
|
|
2019-10-02 17:42:40 +00:00
|
|
|
# Note: scope not present in Mastodon: write:bookmarks
|
|
|
|
plug(
|
|
|
|
OAuthScopesPlug,
|
|
|
|
%{scopes: ["write:bookmarks"]} when action in [:bookmark, :unbookmark]
|
|
|
|
)
|
|
|
|
|
2020-03-20 10:04:37 +00:00
|
|
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action not in [:index, :show])
|
2019-10-02 17:42:40 +00:00
|
|
|
|
2019-09-09 14:49:02 +00:00
|
|
|
@rate_limited_status_actions ~w(reblog unreblog favourite unfavourite create delete)a
|
|
|
|
|
|
|
|
plug(
|
|
|
|
RateLimiter,
|
2019-11-11 12:13:06 +00:00
|
|
|
[name: :status_id_action, bucket_name: "status_id_action:reblog_unreblog", params: ["id"]]
|
2019-09-09 14:49:02 +00:00
|
|
|
when action in ~w(reblog unreblog)a
|
|
|
|
)
|
|
|
|
|
|
|
|
plug(
|
|
|
|
RateLimiter,
|
2019-11-11 12:13:06 +00:00
|
|
|
[name: :status_id_action, bucket_name: "status_id_action:fav_unfav", params: ["id"]]
|
2019-09-09 14:49:02 +00:00
|
|
|
when action in ~w(favourite unfavourite)a
|
|
|
|
)
|
|
|
|
|
2019-11-11 12:13:06 +00:00
|
|
|
plug(RateLimiter, [name: :statuses_actions] when action in @rate_limited_status_actions)
|
2019-09-09 14:49:02 +00:00
|
|
|
|
|
|
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
|
|
|
|
|
|
|
@doc """
|
|
|
|
GET `/api/v1/statuses?ids[]=1&ids[]=2`
|
|
|
|
|
|
|
|
`ids` query param is required
|
|
|
|
"""
|
2020-04-01 16:49:09 +00:00
|
|
|
def index(%{assigns: %{user: user}} = conn, %{"ids" => ids} = params) do
|
2019-09-09 14:49:02 +00:00
|
|
|
limit = 100
|
|
|
|
|
|
|
|
activities =
|
|
|
|
ids
|
|
|
|
|> Enum.take(limit)
|
|
|
|
|> Activity.all_by_ids_with_object()
|
|
|
|
|> Enum.filter(&Visibility.visible_for_user?(&1, user))
|
|
|
|
|
2020-04-01 16:49:09 +00:00
|
|
|
render(conn, "index.json",
|
|
|
|
activities: activities,
|
|
|
|
for: user,
|
|
|
|
as: :activity,
|
|
|
|
skip_relationships: skip_relationships?(params)
|
|
|
|
)
|
2019-09-09 14:49:02 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
@doc """
|
|
|
|
POST /api/v1/statuses
|
|
|
|
|
|
|
|
Creates a scheduled status when `scheduled_at` param is present and it's far enough
|
|
|
|
"""
|
|
|
|
def create(
|
|
|
|
%{assigns: %{user: user}} = conn,
|
|
|
|
%{"status" => _, "scheduled_at" => scheduled_at} = params
|
|
|
|
) do
|
|
|
|
params = Map.put(params, "in_reply_to_status_id", params["in_reply_to_id"])
|
|
|
|
|
2019-12-03 18:30:10 +00:00
|
|
|
with {:far_enough, true} <- {:far_enough, ScheduledActivity.far_enough?(scheduled_at)},
|
|
|
|
attrs <- %{"params" => params, "scheduled_at" => scheduled_at},
|
|
|
|
{:ok, scheduled_activity} <- ScheduledActivity.create(user, attrs) do
|
|
|
|
conn
|
|
|
|
|> put_view(ScheduledActivityView)
|
|
|
|
|> render("show.json", scheduled_activity: scheduled_activity)
|
2019-09-09 14:49:02 +00:00
|
|
|
else
|
2019-12-03 18:30:10 +00:00
|
|
|
{:far_enough, _} ->
|
|
|
|
create(conn, Map.drop(params, ["scheduled_at"]))
|
|
|
|
|
|
|
|
error ->
|
|
|
|
error
|
2019-09-09 14:49:02 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc """
|
|
|
|
POST /api/v1/statuses
|
|
|
|
|
|
|
|
Creates a regular status
|
|
|
|
"""
|
|
|
|
def create(%{assigns: %{user: user}} = conn, %{"status" => _} = params) do
|
|
|
|
params = Map.put(params, "in_reply_to_status_id", params["in_reply_to_id"])
|
|
|
|
|
|
|
|
with {:ok, activity} <- CommonAPI.post(user, params) do
|
|
|
|
try_render(conn, "show.json",
|
|
|
|
activity: activity,
|
|
|
|
for: user,
|
|
|
|
as: :activity,
|
|
|
|
with_direct_conversation_id: true
|
|
|
|
)
|
|
|
|
else
|
|
|
|
{:error, message} ->
|
|
|
|
conn
|
|
|
|
|> put_status(:unprocessable_entity)
|
|
|
|
|> json(%{error: message})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-09-27 23:21:28 +00:00
|
|
|
def create(%{assigns: %{user: _user}} = conn, %{"media_ids" => _} = params) do
|
|
|
|
create(conn, Map.put(params, "status", ""))
|
|
|
|
end
|
|
|
|
|
2019-09-09 14:49:02 +00:00
|
|
|
@doc "GET /api/v1/statuses/:id"
|
|
|
|
def show(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
|
|
|
|
true <- Visibility.visible_for_user?(activity, user) do
|
2019-10-09 03:51:14 +00:00
|
|
|
try_render(conn, "show.json",
|
|
|
|
activity: activity,
|
|
|
|
for: user,
|
|
|
|
with_direct_conversation_id: true
|
|
|
|
)
|
2020-03-04 17:09:06 +00:00
|
|
|
else
|
|
|
|
_ -> {:error, :not_found}
|
2019-09-09 14:49:02 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "DELETE /api/v1/statuses/:id"
|
|
|
|
def delete(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
|
|
|
|
json(conn, %{})
|
|
|
|
else
|
2020-03-04 17:09:06 +00:00
|
|
|
{:error, :not_found} = e -> e
|
2019-09-09 14:49:02 +00:00
|
|
|
_e -> render_error(conn, :forbidden, "Can't delete this post")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/reblog"
|
2019-10-01 16:38:23 +00:00
|
|
|
def reblog(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id} = params) do
|
|
|
|
with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user, params),
|
2019-09-09 14:49:02 +00:00
|
|
|
%Activity{} = announce <- Activity.normalize(announce.data) do
|
|
|
|
try_render(conn, "show.json", %{activity: announce, for: user, as: :activity})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/unreblog"
|
|
|
|
def unreblog(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
|
|
|
|
with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
|
|
|
|
%Activity{} = activity <- Activity.get_create_by_object_ap_id_with_object(id) do
|
|
|
|
try_render(conn, "show.json", %{activity: activity, for: user, as: :activity})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/favourite"
|
|
|
|
def favourite(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
|
|
|
|
with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user),
|
|
|
|
%Activity{} = activity <- Activity.get_create_by_object_ap_id(id) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/unfavourite"
|
|
|
|
def unfavourite(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
|
|
|
|
with {:ok, _, _, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user),
|
|
|
|
%Activity{} = activity <- Activity.get_create_by_object_ap_id(id) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/pin"
|
|
|
|
def pin(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
|
|
|
|
with {:ok, activity} <- CommonAPI.pin(ap_id_or_id, user) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/unpin"
|
|
|
|
def unpin(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
|
|
|
|
with {:ok, activity} <- CommonAPI.unpin(ap_id_or_id, user) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/bookmark"
|
|
|
|
def bookmark(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
|
|
|
|
%User{} = user <- User.get_cached_by_nickname(user.nickname),
|
|
|
|
true <- Visibility.visible_for_user?(activity, user),
|
|
|
|
{:ok, _bookmark} <- Bookmark.create(user.id, activity.id) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/unbookmark"
|
|
|
|
def unbookmark(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
|
|
|
|
%User{} = user <- User.get_cached_by_nickname(user.nickname),
|
|
|
|
true <- Visibility.visible_for_user?(activity, user),
|
|
|
|
{:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/mute"
|
|
|
|
def mute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id(id),
|
|
|
|
{:ok, activity} <- CommonAPI.add_mute(user, activity) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "POST /api/v1/statuses/:id/unmute"
|
|
|
|
def unmute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id(id),
|
|
|
|
{:ok, activity} <- CommonAPI.remove_mute(user, activity) do
|
|
|
|
try_render(conn, "show.json", activity: activity, for: user, as: :activity)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "GET /api/v1/statuses/:id/card"
|
2019-09-28 07:32:03 +00:00
|
|
|
@deprecated "https://github.com/tootsuite/mastodon/pull/11213"
|
2019-09-09 14:49:02 +00:00
|
|
|
def card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id(status_id),
|
|
|
|
true <- Visibility.visible_for_user?(activity, user) do
|
|
|
|
data = Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
|
|
|
|
render(conn, "card.json", data)
|
|
|
|
else
|
|
|
|
_ -> render_error(conn, :not_found, "Record not found")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "GET /api/v1/statuses/:id/favourited_by"
|
|
|
|
def favourited_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
|
|
|
|
{:visible, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
|
|
|
|
%Object{data: %{"likes" => likes}} <- Object.normalize(activity) do
|
|
|
|
users =
|
|
|
|
User
|
|
|
|
|> Ecto.Query.where([u], u.ap_id in ^likes)
|
|
|
|
|> Repo.all()
|
|
|
|
|> Enum.filter(&(not User.blocks?(user, &1)))
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> put_view(AccountView)
|
2019-09-30 12:10:54 +00:00
|
|
|
|> render("index.json", for: user, users: users, as: :user)
|
2019-09-09 14:49:02 +00:00
|
|
|
else
|
|
|
|
{:visible, false} -> {:error, :not_found}
|
|
|
|
_ -> json(conn, [])
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "GET /api/v1/statuses/:id/reblogged_by"
|
|
|
|
def reblogged_by(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id_with_object(id),
|
|
|
|
{:visible, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
|
2019-10-01 19:40:35 +00:00
|
|
|
%Object{data: %{"announcements" => announces, "id" => ap_id}} <-
|
|
|
|
Object.normalize(activity) do
|
|
|
|
announces =
|
|
|
|
"Announce"
|
|
|
|
|> Activity.Queries.by_type()
|
|
|
|
|> Ecto.Query.where([a], a.actor in ^announces)
|
|
|
|
# this is to use the index
|
|
|
|
|> Activity.Queries.by_object_id(ap_id)
|
|
|
|
|> Repo.all()
|
|
|
|
|> Enum.filter(&Visibility.visible_for_user?(&1, user))
|
|
|
|
|> Enum.map(& &1.actor)
|
|
|
|
|> Enum.uniq()
|
|
|
|
|
2019-09-09 14:49:02 +00:00
|
|
|
users =
|
|
|
|
User
|
|
|
|
|> Ecto.Query.where([u], u.ap_id in ^announces)
|
|
|
|
|> Repo.all()
|
|
|
|
|> Enum.filter(&(not User.blocks?(user, &1)))
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> put_view(AccountView)
|
2019-09-30 12:10:54 +00:00
|
|
|
|> render("index.json", for: user, users: users, as: :user)
|
2019-09-09 14:49:02 +00:00
|
|
|
else
|
|
|
|
{:visible, false} -> {:error, :not_found}
|
|
|
|
_ -> json(conn, [])
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc "GET /api/v1/statuses/:id/context"
|
|
|
|
def context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
|
|
|
with %Activity{} = activity <- Activity.get_by_id(id) do
|
|
|
|
activities =
|
|
|
|
ActivityPub.fetch_activities_for_context(activity.data["context"], %{
|
|
|
|
"blocking_user" => user,
|
|
|
|
"user" => user,
|
|
|
|
"exclude_id" => activity.id
|
|
|
|
})
|
|
|
|
|
2019-09-26 07:28:35 +00:00
|
|
|
render(conn, "context.json", activity: activity, activities: activities, user: user)
|
2019-09-09 14:49:02 +00:00
|
|
|
end
|
|
|
|
end
|
2019-10-02 11:27:01 +00:00
|
|
|
|
|
|
|
@doc "GET /api/v1/favourites"
|
|
|
|
def favourites(%{assigns: %{user: user}} = conn, params) do
|
|
|
|
activities =
|
2019-11-18 07:00:48 +00:00
|
|
|
ActivityPub.fetch_favourites(
|
|
|
|
user,
|
|
|
|
Map.take(params, Pleroma.Pagination.page_keys())
|
|
|
|
)
|
2019-10-02 11:27:01 +00:00
|
|
|
|
|
|
|
conn
|
|
|
|
|> add_link_headers(activities)
|
2020-04-01 16:49:09 +00:00
|
|
|
|> render("index.json",
|
|
|
|
activities: activities,
|
|
|
|
for: user,
|
|
|
|
as: :activity,
|
|
|
|
skip_relationships: skip_relationships?(params)
|
|
|
|
)
|
2019-10-02 11:27:01 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
@doc "GET /api/v1/bookmarks"
|
|
|
|
def bookmarks(%{assigns: %{user: user}} = conn, params) do
|
|
|
|
user = User.get_cached_by_id(user.id)
|
|
|
|
|
|
|
|
bookmarks =
|
|
|
|
user.id
|
|
|
|
|> Bookmark.for_user_query()
|
|
|
|
|> Pleroma.Pagination.fetch_paginated(params)
|
|
|
|
|
|
|
|
activities =
|
|
|
|
bookmarks
|
|
|
|
|> Enum.map(fn b -> Map.put(b.activity, :bookmark, Map.delete(b, :activity)) end)
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> add_link_headers(bookmarks)
|
2020-04-01 16:49:09 +00:00
|
|
|
|> render("index.json",
|
|
|
|
activities: activities,
|
|
|
|
for: user,
|
|
|
|
as: :activity,
|
|
|
|
skip_relationships: skip_relationships?(params)
|
|
|
|
)
|
2019-10-02 11:27:01 +00:00
|
|
|
end
|
2019-09-09 14:49:02 +00:00
|
|
|
end
|