[#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes

# Conflicts:
#	CHANGELOG.md
#	lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
#	lib/pleroma/web/router.ex
This commit is contained in:
Ivan Tashkinov 2019-10-06 17:12:17 +03:00
parent 06b3bb54c5
commit b93856874d
18 changed files with 186 additions and 249 deletions

View file

@ -30,11 +30,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
when action in [:activity, :object] when action in [:activity, :object]
) )
plug(
Pleroma.Plugs.OAuthScopesPlug,
%{scopes: ["read:accounts"]} when action in [:followers, :following]
)
plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay]) plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
plug(:set_requester_reachable when action in [:inbox]) plug(:set_requester_reachable when action in [:inbox])
plug(:relay_active? when action in [:relay]) plug(:relay_active? when action in [:relay])

View file

@ -5,8 +5,20 @@
defmodule Pleroma.Web.MastoFEController do defmodule Pleroma.Web.MastoFEController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User alias Pleroma.User
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
plug(
OAuthScopesPlug,
%{scopes: ["read"], fallback: :proceed_unauthenticated, skip_instance_privacy_check: true}
when action == :index
)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
@doc "GET /web/*path" @doc "GET /web/*path"
def index(%{assigns: %{user: user}} = conn, _params) do def index(%{assigns: %{user: user}} = conn, _params) do
token = get_session(conn, :oauth_token) token = get_session(conn, :oauth_token)

View file

@ -36,6 +36,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists) plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
plug(
OAuthScopesPlug,
%{scopes: ["follow", "read:blocks"]} when action == :blocks
)
plug( plug(
OAuthScopesPlug, OAuthScopesPlug,
%{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock] %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
@ -43,11 +48,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships) plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
# Note: :follows (POST /api/v1/follows) is the same as :follow, consider removing :follows
plug( plug(
OAuthScopesPlug, OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]} when action in [:follow, :unfollow] %{scopes: ["follow", "write:follows"]} when action in [:follows, :follow, :unfollow]
) )
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute]) plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
plug( plug(

View file

@ -5,6 +5,7 @@
defmodule Pleroma.Web.MastodonAPI.AppController do defmodule Pleroma.Web.MastodonAPI.AppController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.App
alias Pleroma.Web.OAuth.Scopes alias Pleroma.Web.OAuth.Scopes
@ -12,6 +13,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :verify_credentials)
@local_mastodon_name "Mastodon-Local" @local_mastodon_name "Mastodon-Local"
@doc "POST /api/v1/apps" @doc "POST /api/v1/apps"

View file

@ -18,6 +18,8 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockController do
%{scopes: ["follow", "write:blocks"]} when action != :index %{scopes: ["follow", "write:blocks"]} when action != :index
) )
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "GET /api/v1/domain_blocks" @doc "GET /api/v1/domain_blocks"
def index(%{assigns: %{user: %{info: info}}} = conn, _) do def index(%{assigns: %{user: %{info: info}}} = conn, _) do
json(conn, Map.get(info, :domain_blocks, [])) json(conn, Map.get(info, :domain_blocks, []))

View file

@ -21,6 +21,8 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
%{scopes: ["follow", "write:follows"]} when action != :index %{scopes: ["follow", "write:follows"]} when action != :index
) )
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "GET /api/v1/follow_requests" @doc "GET /api/v1/follow_requests"
def index(%{assigns: %{user: followed}} = conn, _params) do def index(%{assigns: %{user: followed}} = conn, _params) do
follow_requests = User.get_follow_requests(followed) follow_requests = User.get_follow_requests(followed)

View file

@ -7,69 +7,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
require Logger require Logger
alias Pleroma.Plugs.OAuthScopesPlug
@unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
plug(
OAuthScopesPlug,
Map.merge(@unauthenticated_access, %{scopes: ["read"], skip_instance_privacy_check: true})
when action == :index
)
plug(
OAuthScopesPlug,
%{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
)
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
plug(
OAuthScopesPlug,
%{@unauthenticated_access | scopes: ["read:statuses"]} when action == :get_poll
)
plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :poll_vote)
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
plug(
OAuthScopesPlug,
%{scopes: ["follow", "read:blocks"]} when action == :blocks
)
# To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]} when action == :follows
)
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
# Note: scope not present in Mastodon: read:bookmarks
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
# An extra safety measure for possible actions not guarded by OAuth permissions specification
plug(
Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
when action not in [
:create_app,
:index,
:login,
:logout,
:password_reset,
:masto_instance,
:peers,
:custom_emojis
]
)
plug(RateLimiter, :password_reset when action == :password_reset)
@local_mastodon_name "Mastodon-Local"
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
# Stubs for unimplemented mastodon api # Stubs for unimplemented mastodon api

View file

@ -6,12 +6,17 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Object alias Pleroma.Object
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.ActivityPub
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView) plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
plug(OAuthScopesPlug, %{scopes: ["write:media"]})
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "POST /api/v1/media" @doc "POST /api/v1/media"
def create(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do def create(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
with {:ok, object} <- with {:ok, object} <-

View file

@ -20,6 +20,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationController do
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action not in @oauth_read_actions) plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action not in @oauth_read_actions)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
# GET /api/v1/notifications # GET /api/v1/notifications
def index(%{assigns: %{user: user}} = conn, params) do def index(%{assigns: %{user: user}} = conn, params) do
notifications = MastodonAPI.get_notifications(user, params) notifications = MastodonAPI.get_notifications(user, params)

View file

@ -9,11 +9,21 @@ defmodule Pleroma.Web.MastodonAPI.PollController do
alias Pleroma.Activity alias Pleroma.Activity
alias Pleroma.Object alias Pleroma.Object
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.ActivityPub.Visibility
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
plug(
OAuthScopesPlug,
%{scopes: ["read:statuses"], fallback: :proceed_unauthenticated} when action == :show
)
plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :vote)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "GET /api/v1/polls/:id" @doc "GET /api/v1/polls/:id"
def show(%{assigns: %{user: user}} = conn, %{"id" => id}) do def show(%{assigns: %{user: user}} = conn, %{"id" => id}) do
with %Object{} = object <- Object.get_by_id_and_maybe_refetch(id, interval: 60), with %Object{} = object <- Object.get_by_id_and_maybe_refetch(id, interval: 60),

View file

@ -11,6 +11,8 @@ defmodule Pleroma.Web.MastodonAPI.ReportController do
plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create) plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "POST /api/v1/reports" @doc "POST /api/v1/reports"
def create(%{assigns: %{user: user}} = conn, params) do def create(%{assigns: %{user: user}} = conn, params) do
with {:ok, activity} <- Pleroma.Web.CommonAPI.report(user, params) do with {:ok, activity} <- Pleroma.Web.CommonAPI.report(user, params) do

View file

@ -20,6 +20,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search) # Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
plug(OAuthScopesPlug, %{scopes: ["read:search"], fallback: :proceed_unauthenticated}) plug(OAuthScopesPlug, %{scopes: ["read:search"], fallback: :proceed_unauthenticated})
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
plug(RateLimiter, :search when action in [:search, :search2, :account_search]) plug(RateLimiter, :search when action in [:search, :search2, :account_search])
def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do

View file

@ -47,6 +47,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
] ]
) )
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
plug( plug(
OAuthScopesPlug, OAuthScopesPlug,
%{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite] %{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite]
@ -65,6 +67,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin]) plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin])
# Note: scope not present in Mastodon: read:bookmarks
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
# Note: scope not present in Mastodon: write:bookmarks # Note: scope not present in Mastodon: write:bookmarks
plug( plug(
OAuthScopesPlug, OAuthScopesPlug,

View file

@ -14,6 +14,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]}) plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
# Creates PushSubscription # Creates PushSubscription
# POST /api/v1/push/subscription # POST /api/v1/push/subscription
# #

View file

@ -8,11 +8,16 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionController do
require Logger require Logger
alias Pleroma.Config alias Pleroma.Config
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.MediaProxy alias Pleroma.Web.MediaProxy
action_fallback(Pleroma.Web.MastodonAPI.FallbackController) action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
@doc "GET /api/v1/suggestions" @doc "GET /api/v1/suggestions"
def index(%{assigns: %{user: user}} = conn, _) do def index(%{assigns: %{user: user}} = conn, _) do
if Config.get([:suggestions, :enabled], false) do if Config.get([:suggestions, :enabled], false) do

View file

@ -1,8 +1,26 @@
defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
use Pleroma.Web, :controller use Pleroma.Web, :controller
alias Pleroma.Plugs.OAuthScopesPlug
require Logger require Logger
plug(
OAuthScopesPlug,
%{scopes: ["write"]}
when action in [
:create,
:delete,
:download_from,
:list_from,
:import_from_fs,
:update_file,
:update_metadata
]
)
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
def emoji_dir_path do def emoji_dir_path do
Path.join( Path.join(
Pleroma.Config.get!([:instance, :static_dir]), Pleroma.Config.get!([:instance, :static_dir]),

View file

@ -87,31 +87,6 @@ defmodule Pleroma.Web.Router do
plug(Pleroma.Plugs.EnsureUserKeyPlug) plug(Pleroma.Plugs.EnsureUserKeyPlug)
end end
pipeline :oauth_read_or_public do
plug(Pleroma.Plugs.OAuthScopesPlug, %{
scopes: ["read"],
fallback: :proceed_unauthenticated
})
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
end
pipeline :oauth_read do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]})
end
pipeline :oauth_write do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["write"]})
end
pipeline :oauth_follow do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]})
end
pipeline :oauth_push do
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
end
pipeline :well_known do pipeline :well_known do
plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"]) plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
end end
@ -154,7 +129,7 @@ defmodule Pleroma.Web.Router do
end end
scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
pipe_through([:admin_api, :oauth_write]) pipe_through(:admin_api)
post("/users/follow", AdminAPIController, :user_follow) post("/users/follow", AdminAPIController, :user_follow)
post("/users/unfollow", AdminAPIController, :user_unfollow) post("/users/unfollow", AdminAPIController, :user_unfollow)
@ -213,7 +188,7 @@ defmodule Pleroma.Web.Router do
scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do
scope "/packs" do scope "/packs" do
# Modifying packs # Modifying packs
pipe_through([:admin_api, :oauth_write]) pipe_through(:admin_api)
post("/import_from_fs", EmojiAPIController, :import_from_fs) post("/import_from_fs", EmojiAPIController, :import_from_fs)
@ -238,31 +213,20 @@ defmodule Pleroma.Web.Router do
post("/main/ostatus", UtilController, :remote_subscribe) post("/main/ostatus", UtilController, :remote_subscribe)
get("/ostatus_subscribe", UtilController, :remote_follow) get("/ostatus_subscribe", UtilController, :remote_follow)
scope [] do post("/ostatus_subscribe", UtilController, :do_remote_follow)
pipe_through(:oauth_follow)
post("/ostatus_subscribe", UtilController, :do_remote_follow)
end
end end
scope "/api/pleroma", Pleroma.Web.TwitterAPI do scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
scope [] do post("/change_email", UtilController, :change_email)
pipe_through(:oauth_write) post("/change_password", UtilController, :change_password)
post("/delete_account", UtilController, :delete_account)
put("/notification_settings", UtilController, :update_notificaton_settings)
post("/disable_account", UtilController, :disable_account)
post("/change_email", UtilController, :change_email) post("/blocks_import", UtilController, :blocks_import)
post("/change_password", UtilController, :change_password) post("/follow_import", UtilController, :follow_import)
post("/delete_account", UtilController, :delete_account)
put("/notification_settings", UtilController, :update_notificaton_settings)
post("/disable_account", UtilController, :disable_account)
end
scope [] do
pipe_through(:oauth_follow)
post("/blocks_import", UtilController, :blocks_import)
post("/follow_import", UtilController, :follow_import)
end
end end
scope "/oauth", Pleroma.Web.OAuth do scope "/oauth", Pleroma.Web.OAuth do
@ -289,14 +253,14 @@ defmodule Pleroma.Web.Router do
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
scope [] do scope [] do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
pipe_through(:oauth_read)
get("/conversations/:id/statuses", PleromaAPIController, :conversation_statuses) get("/conversations/:id/statuses", PleromaAPIController, :conversation_statuses)
get("/conversations/:id", PleromaAPIController, :conversation) get("/conversations/:id", PleromaAPIController, :conversation)
end end
scope [] do scope [] do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
pipe_through(:oauth_write)
patch("/conversations/:id", PleromaAPIController, :update_conversation) patch("/conversations/:id", PleromaAPIController, :update_conversation)
post("/notifications/read", PleromaAPIController, :read_notification) post("/notifications/read", PleromaAPIController, :read_notification)
@ -312,13 +276,11 @@ defmodule Pleroma.Web.Router do
scope [] do scope [] do
pipe_through(:api) pipe_through(:api)
pipe_through(:oauth_read_or_public)
get("/accounts/:id/favourites", AccountController, :favourites) get("/accounts/:id/favourites", AccountController, :favourites)
end end
scope [] do scope [] do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
pipe_through(:oauth_follow)
post("/accounts/:id/subscribe", AccountController, :subscribe) post("/accounts/:id/subscribe", AccountController, :subscribe)
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe) post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
@ -328,131 +290,114 @@ defmodule Pleroma.Web.Router do
end end
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
pipe_through([:api, :oauth_read_or_public]) pipe_through(:api)
get("/accounts/:id/scrobbles", ScrobbleController, :user_scrobbles) get("/accounts/:id/scrobbles", ScrobbleController, :user_scrobbles)
end end
scope "/api/v1", Pleroma.Web.MastodonAPI do scope "/api/v1", Pleroma.Web.MastodonAPI do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
scope [] do get("/accounts/verify_credentials", AccountController, :verify_credentials)
pipe_through(:oauth_read)
get("/accounts/verify_credentials", AccountController, :verify_credentials) get("/accounts/relationships", AccountController, :relationships)
get("/accounts/relationships", AccountController, :relationships) get("/accounts/:id/lists", AccountController, :lists)
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
get("/accounts/:id/lists", AccountController, :lists) get("/follow_requests", FollowRequestController, :index)
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array) get("/blocks", AccountController, :blocks)
get("/mutes", AccountController, :mutes)
get("/follow_requests", FollowRequestController, :index) get("/timelines/home", TimelineController, :home)
get("/blocks", AccountController, :blocks) get("/timelines/direct", TimelineController, :direct)
get("/mutes", AccountController, :mutes)
get("/timelines/home", TimelineController, :home) get("/favourites", StatusController, :favourites)
get("/timelines/direct", TimelineController, :direct) get("/bookmarks", StatusController, :bookmarks)
get("/favourites", StatusController, :favourites) get("/notifications", NotificationController, :index)
get("/bookmarks", StatusController, :bookmarks) get("/notifications/:id", NotificationController, :show)
post("/notifications/clear", NotificationController, :clear)
post("/notifications/dismiss", NotificationController, :dismiss)
delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
get("/notifications", NotificationController, :index) get("/scheduled_statuses", ScheduledActivityController, :index)
get("/notifications/:id", NotificationController, :show) get("/scheduled_statuses/:id", ScheduledActivityController, :show)
post("/notifications/clear", NotificationController, :clear)
post("/notifications/dismiss", NotificationController, :dismiss)
delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
get("/scheduled_statuses", ScheduledActivityController, :index) get("/lists", ListController, :index)
get("/scheduled_statuses/:id", ScheduledActivityController, :show) get("/lists/:id", ListController, :show)
get("/lists/:id/accounts", ListController, :list_accounts)
get("/lists", ListController, :index) get("/domain_blocks", DomainBlockController, :index)
get("/lists/:id", ListController, :show)
get("/lists/:id/accounts", ListController, :list_accounts)
get("/domain_blocks", DomainBlockController, :index) get("/filters", FilterController, :index)
get("/filters", FilterController, :index) get("/suggestions", SuggestionController, :index)
get("/suggestions", SuggestionController, :index) get("/conversations", ConversationController, :index)
post("/conversations/:id/read", ConversationController, :read)
get("/conversations", ConversationController, :index) get("/endorsements", AccountController, :endorsements)
post("/conversations/:id/read", ConversationController, :read)
get("/endorsements", MastodonAPIController, :empty_array) patch("/accounts/update_credentials", AccountController, :update_credentials)
end
scope [] do post("/statuses", StatusController, :create)
pipe_through(:oauth_write) delete("/statuses/:id", StatusController, :delete)
patch("/accounts/update_credentials", AccountController, :update_credentials) post("/statuses/:id/reblog", StatusController, :reblog)
post("/statuses/:id/unreblog", StatusController, :unreblog)
post("/statuses/:id/favourite", StatusController, :favourite)
post("/statuses/:id/unfavourite", StatusController, :unfavourite)
post("/statuses/:id/pin", StatusController, :pin)
post("/statuses/:id/unpin", StatusController, :unpin)
post("/statuses/:id/bookmark", StatusController, :bookmark)
post("/statuses/:id/unbookmark", StatusController, :unbookmark)
post("/statuses/:id/mute", StatusController, :mute_conversation)
post("/statuses/:id/unmute", StatusController, :unmute_conversation)
post("/statuses", StatusController, :create) put("/scheduled_statuses/:id", ScheduledActivityController, :update)
delete("/statuses/:id", StatusController, :delete) delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
post("/statuses/:id/reblog", StatusController, :reblog) post("/polls/:id/votes", PollController, :vote)
post("/statuses/:id/unreblog", StatusController, :unreblog)
post("/statuses/:id/favourite", StatusController, :favourite)
post("/statuses/:id/unfavourite", StatusController, :unfavourite)
post("/statuses/:id/pin", StatusController, :pin)
post("/statuses/:id/unpin", StatusController, :unpin)
post("/statuses/:id/bookmark", StatusController, :bookmark)
post("/statuses/:id/unbookmark", StatusController, :unbookmark)
post("/statuses/:id/mute", StatusController, :mute_conversation)
post("/statuses/:id/unmute", StatusController, :unmute_conversation)
put("/scheduled_statuses/:id", ScheduledActivityController, :update) post("/media", MediaController, :create)
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete) put("/media/:id", MediaController, :update)
post("/polls/:id/votes", PollController, :vote) delete("/lists/:id", ListController, :delete)
post("/lists", ListController, :create)
put("/lists/:id", ListController, :update)
post("/media", MediaController, :create) post("/lists/:id/accounts", ListController, :add_to_list)
put("/media/:id", MediaController, :update) delete("/lists/:id/accounts", ListController, :remove_from_list)
delete("/lists/:id", ListController, :delete) post("/filters", FilterController, :create)
post("/lists", ListController, :create) get("/filters/:id", FilterController, :show)
put("/lists/:id", ListController, :update) put("/filters/:id", FilterController, :update)
delete("/filters/:id", FilterController, :delete)
post("/lists/:id/accounts", ListController, :add_to_list) post("/reports", ReportController, :create)
delete("/lists/:id/accounts", ListController, :remove_from_list)
post("/filters", FilterController, :create) post("/follows", AccountController, :follows)
get("/filters/:id", FilterController, :show) post("/accounts/:id/follow", AccountController, :follow)
put("/filters/:id", FilterController, :update) post("/accounts/:id/unfollow", AccountController, :unfollow)
delete("/filters/:id", FilterController, :delete) post("/accounts/:id/block", AccountController, :block)
post("/accounts/:id/unblock", AccountController, :unblock)
post("/accounts/:id/mute", AccountController, :mute)
post("/accounts/:id/unmute", AccountController, :unmute)
post("/reports", ReportController, :create) post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
end post("/follow_requests/:id/reject", FollowRequestController, :reject)
scope [] do post("/domain_blocks", DomainBlockController, :create)
pipe_through(:oauth_follow) delete("/domain_blocks", DomainBlockController, :delete)
post("/follows", AccountController, :follows) post("/push/subscription", SubscriptionController, :create)
post("/accounts/:id/follow", AccountController, :follow) get("/push/subscription", SubscriptionController, :get)
post("/accounts/:id/unfollow", AccountController, :unfollow) put("/push/subscription", SubscriptionController, :update)
post("/accounts/:id/block", AccountController, :block) delete("/push/subscription", SubscriptionController, :delete)
post("/accounts/:id/unblock", AccountController, :unblock)
post("/accounts/:id/mute", AccountController, :mute)
post("/accounts/:id/unmute", AccountController, :unmute)
post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
post("/follow_requests/:id/reject", FollowRequestController, :reject)
post("/domain_blocks", DomainBlockController, :create)
delete("/domain_blocks", DomainBlockController, :delete)
end
scope [] do
pipe_through(:oauth_push)
post("/push/subscription", SubscriptionController, :create)
get("/push/subscription", SubscriptionController, :get)
put("/push/subscription", SubscriptionController, :update)
delete("/push/subscription", SubscriptionController, :delete)
end
end end
scope "/api/web", Pleroma.Web do scope "/api/web", Pleroma.Web do
pipe_through([:authenticated_api, :oauth_write]) pipe_through(:authenticated_api)
put("/settings", MastoFEController, :put_settings) put("/settings", MastoFEController, :put_settings)
end end
@ -477,30 +422,26 @@ defmodule Pleroma.Web.Router do
get("/trends", MastodonAPIController, :empty_array) get("/trends", MastodonAPIController, :empty_array)
scope [] do get("/timelines/public", TimelineController, :public)
pipe_through(:oauth_read_or_public) get("/timelines/tag/:tag", TimelineController, :hashtag)
get("/timelines/list/:list_id", TimelineController, :list)
get("/timelines/public", TimelineController, :public) get("/statuses", StatusController, :index)
get("/timelines/tag/:tag", TimelineController, :hashtag) get("/statuses/:id", StatusController, :show)
get("/timelines/list/:list_id", TimelineController, :list) get("/statuses/:id/context", StatusController, :context)
get("/statuses", StatusController, :index) get("/polls/:id", PollController, :show)
get("/statuses/:id", StatusController, :show)
get("/statuses/:id/context", StatusController, :context)
get("/polls/:id", PollController, :show) get("/accounts/:id/statuses", AccountController, :statuses)
get("/accounts/:id/followers", AccountController, :followers)
get("/accounts/:id/following", AccountController, :following)
get("/accounts/:id", AccountController, :show)
get("/accounts/:id/statuses", AccountController, :statuses) get("/search", SearchController, :search)
get("/accounts/:id/followers", AccountController, :followers)
get("/accounts/:id/following", AccountController, :following)
get("/accounts/:id", AccountController, :show)
get("/search", SearchController, :search)
end
end end
scope "/api/v2", Pleroma.Web.MastodonAPI do scope "/api/v2", Pleroma.Web.MastodonAPI do
pipe_through([:api, :oauth_read_or_public]) pipe_through(:api)
get("/search", SearchController, :search2) get("/search", SearchController, :search2)
end end
@ -531,11 +472,7 @@ defmodule Pleroma.Web.Router do
get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens) get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token) delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
scope [] do post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
pipe_through(:oauth_read)
post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
end
end end
pipeline :ap_service_actor do pipeline :ap_service_actor do
@ -599,23 +536,14 @@ defmodule Pleroma.Web.Router do
scope "/", Pleroma.Web.ActivityPub do scope "/", Pleroma.Web.ActivityPub do
pipe_through([:activitypub_client]) pipe_through([:activitypub_client])
scope [] do get("/api/ap/whoami", ActivityPubController, :whoami)
pipe_through(:oauth_read) get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
get("/api/ap/whoami", ActivityPubController, :whoami)
get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
end
scope [] do post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
pipe_through(:oauth_write) post("/api/ap/upload_media", ActivityPubController, :upload_media)
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
post("/api/ap/upload_media", ActivityPubController, :upload_media)
end
scope [] do get("/users/:nickname/followers", ActivityPubController, :followers)
pipe_through(:oauth_read_or_public) get("/users/:nickname/following", ActivityPubController, :following)
get("/users/:nickname/followers", ActivityPubController, :followers)
get("/users/:nickname/following", ActivityPubController, :following)
end
end end
scope "/", Pleroma.Web.ActivityPub do scope "/", Pleroma.Web.ActivityPub do
@ -665,10 +593,7 @@ defmodule Pleroma.Web.Router do
post("/auth/password", MastodonAPI.AuthController, :password_reset) post("/auth/password", MastodonAPI.AuthController, :password_reset)
scope [] do get("/web/*path", MastoFEController, :index)
pipe_through(:oauth_read)
get("/web/*path", MastoFEController, :index)
end
end end
pipeline :remote_media do pipeline :remote_media do

View file

@ -39,6 +39,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
] ]
) )
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version]) plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
def help_test(conn, _params) do def help_test(conn, _params) do