chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 14 Wiki Activity

Merge tag 'v4.2.12' into chinwag-next

Browse source
This commit is contained in:
Mike Barnes 2024-09-24 20:03:33 +10:00
commit 9bcb7630b3
3138 changed files with 94619 additions and 59187 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/about_controller.rb
View file

@ -8,7 +8,7 @@ class AboutController < ApplicationController
before_action :set_instance_presenter
def show
expires_in 0, public: true unless user_signed_in?
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
end
private

7
app/controllers/accounts_controller.rb
View file

@ -7,16 +7,17 @@ class AccountsController < ApplicationController
include AccountControllerConcern
include SignatureAuthentication
vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
before_action :require_account_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
before_action :set_cache_headers
skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
skip_before_action :require_functional!, unless: :whitelist_mode?
skip_before_action :require_functional!, unless: :limited_federation_mode?
def show
respond_to do |format|
format.html do
expires_in 0, public: true unless user_signed_in?
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
@rss_url = rss_url
end

4
app/controllers/activitypub/base_controller.rb
View file

@ -7,10 +7,6 @@ class ActivityPub::BaseController < Api::BaseController
private
def set_cache_headers
response.headers['Vary'] = 'Signature' if authorized_fetch_mode?
end
def skip_temporary_suspension_response?
false
end

3
app/controllers/activitypub/collections_controller.rb
View file

@ -4,11 +4,12 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
include SignatureVerification
include AccountOwnedConcern
vary_by -> { 'Signature' if authorized_fetch_mode? }
before_action :require_account_signature!, if: :authorized_fetch_mode?
before_action :set_items
before_action :set_size
before_action :set_type
before_action :set_cache_headers
def show
expires_in 3.minutes, public: public_fetch_mode?

3
app/controllers/activitypub/followers_synchronizations_controller.rb
View file

@ -4,9 +4,10 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
include SignatureVerification
include AccountOwnedConcern
vary_by -> { 'Signature' if authorized_fetch_mode? }
before_action :require_account_signature!
before_action :set_items
before_action :set_cache_headers
def show
expires_in 0, public: false

8
app/controllers/activitypub/outboxes_controller.rb
View file

@ -6,9 +6,10 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
include SignatureVerification
include AccountOwnedConcern
vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
before_action :require_account_signature!, if: :authorized_fetch_mode?
before_action :set_statuses
before_action :set_cache_headers
def show
if page_requested?
@ -16,6 +17,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
else
expires_in(3.minutes, public: public_fetch_mode?)
end
render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
end
@ -80,8 +82,4 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
def set_account
@account = params[:account_username].present? ? Account.find_local!(username_param) : Account.representative
end
def set_cache_headers
response.headers['Vary'] = 'Signature' if authorized_fetch_mode? || page_requested?
end
end

3
app/controllers/activitypub/replies_controller.rb
View file

@ -7,9 +7,10 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
DESCENDANTS_LIMIT = 60
vary_by -> { 'Signature' if authorized_fetch_mode? }
before_action :require_account_signature!, if: :authorized_fetch_mode?
before_action :set_status
before_action :set_cache_headers
before_action :set_replies
def index

8
app/controllers/admin/announcements_controller.rb
View file

@ -14,6 +14,10 @@ class Admin::AnnouncementsController < Admin::BaseController
@announcement = Announcement.new
end
def edit
authorize :announcement, :update?
end
def create
authorize :announcement, :create?
@ -28,10 +32,6 @@ class Admin::AnnouncementsController < Admin::BaseController
end
end
def edit
authorize :announcement, :update?
end
def update
authorize :announcement, :update?

6
app/controllers/admin/base_controller.rb
View file

@ -8,6 +8,8 @@ module Admin
layout 'admin'
before_action :set_body_classes
before_action :set_cache_headers
after_action :verify_authorized
private
@ -16,6 +18,10 @@ module Admin
@body_classes = 'admin'
end
def set_cache_headers
response.cache_control.replace(private: true, no_store: true)
end
def set_user
@user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
end

12
app/controllers/admin/dashboard_controller.rb
View file

@ -14,17 +14,5 @@ module Admin
@pending_tags_count = Tag.pending_review.count
@pending_appeals_count = Appeal.pending.count
end
private
def redis_info
@redis_info ||= begin
if redis.is_a?(Redis::Namespace)
redis.redis.info
else
redis.info
end
end
end
end
end

50
app/controllers/admin/domain_blocks_controller.rb
View file

@ -2,7 +2,7 @@
module Admin
class DomainBlocksController < BaseController
before_action :set_domain_block, only: [:show, :destroy, :edit, :update]
before_action :set_domain_block, only: [:destroy, :edit, :update]
def batch
authorize :domain_block, :create?
@ -31,31 +31,41 @@ module Admin
@domain_block = DomainBlock.new(resource_params)
existing_domain_block = resource_params[:domain].present? ? DomainBlock.rule_for(resource_params[:domain]) : nil
# Disallow accidentally downgrading a domain block
if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
@domain_block.save
flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe # rubocop:disable Rails/OutputSafety
flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
@domain_block.errors.delete(:domain)
render :new
else
if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
@domain_block = existing_domain_block
@domain_block.update(resource_params)
end
return render :new
end
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id)
log_action :create, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
else
render :new
end
# Allow transparently upgrading a domain block
if existing_domain_block.present? && existing_domain_block.domain == TagManager.instance.normalize_domain(@domain_block.domain.strip)
@domain_block = existing_domain_block
@domain_block.assign_attributes(resource_params)
end
# Require explicit confirmation when suspending
return render :confirm_suspension if requires_confirmation?
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id)
log_action :create, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
else
render :new
end
end
def update
authorize :domain_block, :update?
if @domain_block.update(update_params)
@domain_block.assign_attributes(update_params)
# Require explicit confirmation when suspending
return render :confirm_suspension if requires_confirmation?
if @domain_block.save
DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?)
log_action :update, @domain_block
redirect_to admin_instances_path(limited: '1'), notice: I18n.t('admin.domain_blocks.created_msg')
@ -90,9 +100,11 @@ module Admin
end
def action_from_button
if params[:save]
'save'
end
'save' if params[:save]
end
def requires_confirmation?
@domain_block.valid? && (@domain_block.new_record? || @domain_block.severity_changed?) && @domain_block.severity.to_s == 'suspend' && !params[:confirm]
end
end
end

6
app/controllers/admin/email_domain_blocks_controller.rb
View file

@ -2,8 +2,6 @@
module Admin
class EmailDomainBlocksController < BaseController
before_action :set_email_domain_block, only: [:show, :destroy]
def index
authorize :email_domain_block, :index?
@ -59,10 +57,6 @@ module Admin
private
def set_email_domain_block
@email_domain_block = EmailDomainBlock.find(params[:id])
end
def set_resolved_records
Resolv::DNS.open do |dns|
dns.timeouts = 5

2
app/controllers/admin/instances_controller.rb
View file

@ -65,7 +65,7 @@ module Admin
end
def filtered_instances
InstanceFilter.new(whitelist_mode? ? { allowed: true } : filter_params).results
InstanceFilter.new(limited_federation_mode? ? { allowed: true } : filter_params).results
end
def filter_params

8
app/controllers/admin/roles_controller.rb
View file

@ -16,6 +16,10 @@ module Admin
@role = UserRole.new
end
def edit
authorize @role, :update?
end
def create
authorize :user_role, :create?
@ -30,10 +34,6 @@ module Admin
end
end
def edit
authorize @role, :update?
end
def update
authorize @role, :update?

8
app/controllers/admin/rules_controller.rb
View file

@ -11,6 +11,10 @@ module Admin
@rule = Rule.new
end
def edit
authorize @rule, :update?
end
def create
authorize :rule, :create?
@ -24,10 +28,6 @@ module Admin
end
end
def edit
authorize @rule, :update?
end
def update
authorize @rule, :update?

18
app/controllers/admin/software_updates_controller.rb Normal file
View file

@ -0,0 +1,18 @@
# frozen_string_literal: true
module Admin
class SoftwareUpdatesController < BaseController
before_action :check_enabled!
def index
authorize :software_update, :index?
@software_updates = SoftwareUpdate.all.sort_by(&:gem_version)
end
private
def check_enabled!
not_found unless SoftwareUpdate.check_enabled?
end
end
end

8
app/controllers/admin/warning_presets_controller.rb
View file

@ -11,6 +11,10 @@ module Admin
@warning_preset = AccountWarningPreset.new
end
def edit
authorize @warning_preset, :update?
end
def create
authorize :account_warning_preset, :create?
@ -24,10 +28,6 @@ module Admin
end
end
def edit
authorize @warning_preset, :update?
end
def update
authorize @warning_preset, :update?

18
app/controllers/admin/webhooks_controller.rb
View file

@ -10,12 +10,20 @@ module Admin
@webhooks = Webhook.page(params[:page])
end
def show
authorize @webhook, :show?
end
def new
authorize :webhook, :create?
@webhook = Webhook.new
end
def edit
authorize @webhook, :update?
end
def create
authorize :webhook, :create?
@ -29,14 +37,6 @@ module Admin
end
end
def show
authorize @webhook, :show?
end
def edit
authorize @webhook, :update?
end
def update
authorize @webhook, :update?
@ -74,7 +74,7 @@ module Admin
end
def resource_params
params.require(:webhook).permit(:url, events: [])
params.require(:webhook).permit(:url, :template, events: [])
end
end
end

13
app/controllers/api/base_controller.rb
View file

@ -6,13 +6,14 @@ class Api::BaseController < ApplicationController
include RateLimitHeaders
include AccessTokenTrackingConcern
include ApiCachingConcern
skip_before_action :store_current_location
skip_before_action :require_functional!, unless: :whitelist_mode?
skip_before_action :require_functional!, unless: :limited_federation_mode?
before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
before_action :require_not_suspended!
before_action :set_cache_headers
vary_by 'Authorization'
protect_from_forgery with: :null_session
@ -148,12 +149,8 @@ class Api::BaseController < ApplicationController
doorkeeper_authorize!(*scopes) if doorkeeper_token
end
def set_cache_headers
response.headers['Cache-Control'] = 'private, no-store'
end
def disallow_unauthenticated_api_access?
ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.limited_federation_mode
end
private

13
app/controllers/api/v1/accounts/credentials_controller.rb
View file

@ -13,7 +13,7 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
def update
@account = current_account
UpdateAccountService.new.call(@account, account_params, raise_error: true)
UserSettingsDecorator.new(current_user).update(user_settings_params) if user_settings_params
current_user.update(user_params) if user_params
ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
render json: @account, serializer: REST::CredentialAccountSerializer
end
@ -30,19 +30,22 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
:bot,
:discoverable,
:hide_collections,
:indexable,
fields_attributes: [:name, :value]
)
end
def user_settings_params
def user_params
return nil if params[:source].blank?
source_params = params.require(:source)
{
'setting_default_privacy' => source_params.fetch(:privacy, @account.user.setting_default_privacy),
'setting_default_sensitive' => source_params.fetch(:sensitive, @account.user.setting_default_sensitive),
'setting_default_language' => source_params.fetch(:language, @account.user.setting_default_language),
settings_attributes: {
default_privacy: source_params.fetch(:privacy, @account.user.setting_default_privacy),
default_sensitive: source_params.fetch(:sensitive, @account.user.setting_default_sensitive),
default_language: source_params.fetch(:language, @account.user.setting_default_language),
},
}
end
end

9
app/controllers/api/v1/accounts/follower_accounts_controller.rb
View file

@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
after_action :insert_pagination_headers
def index
cache_if_unauthenticated!
@accounts = load_accounts
render json: @accounts, each_serializer: REST::AccountSerializer
end
@ -45,15 +46,11 @@ class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_account_followers_url pagination_params(max_id: pagination_max_id)
end
api_v1_account_followers_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @accounts.empty?
api_v1_account_followers_url pagination_params(since_id: pagination_since_id)
end
api_v1_account_followers_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

9
app/controllers/api/v1/accounts/following_accounts_controller.rb
View file

@ -6,6 +6,7 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
after_action :insert_pagination_headers
def index
cache_if_unauthenticated!
@accounts = load_accounts
render json: @accounts, each_serializer: REST::AccountSerializer
end
@ -45,15 +46,11 @@ class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_account_following_index_url pagination_params(max_id: pagination_max_id)
end
api_v1_account_following_index_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @accounts.empty?
api_v1_account_following_index_url pagination_params(since_id: pagination_since_id)
end
api_v1_account_following_index_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

1
app/controllers/api/v1/accounts/lookup_controller.rb
View file

@ -5,6 +5,7 @@ class Api::V1::Accounts::LookupController < Api::BaseController
before_action :set_account
def show
cache_if_unauthenticated!
render json: @account, serializer: REST::AccountSerializer
end

2
app/controllers/api/v1/accounts/notes_controller.rb
View file

@ -25,6 +25,6 @@ class Api::V1::Accounts::NotesController < Api::BaseController
end
def relationships_presenter
AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
AccountRelationshipsPresenter.new([@account], current_user.account_id)
end
end

2
app/controllers/api/v1/accounts/pins_controller.rb
View file

@ -25,6 +25,6 @@ class Api::V1::Accounts::PinsController < Api::BaseController
end
def relationships_presenter
AccountRelationshipsPresenter.new([@account.id], current_user.account_id)
AccountRelationshipsPresenter.new([@account], current_user.account_id)
end
end

5
app/controllers/api/v1/accounts/relationships_controller.rb
View file

@ -5,11 +5,10 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController
before_action :require_user!
def index
accounts = Account.without_suspended.where(id: account_ids).select('id')
@accounts = Account.without_suspended.where(id: account_ids).select(:id, :domain).to_a
# .where doesn't guarantee that our results are in the same order
# we requested them, so return the "right" order to the requestor.
@accounts = accounts.index_by(&:id).values_at(*account_ids).compact
render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships
render json: @accounts.index_by(&:id).values_at(*account_ids).compact, each_serializer: REST::RelationshipSerializer, relationships: relationships
end
private

9
app/controllers/api/v1/accounts/statuses_controller.rb
View file

@ -7,6 +7,7 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
def index
cache_if_unauthenticated!
@statuses = load_statuses
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
end
@ -39,15 +40,11 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
end
def next_path
if records_continue?
api_v1_account_statuses_url pagination_params(max_id: pagination_max_id)
end
api_v1_account_statuses_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @statuses.empty?
api_v1_account_statuses_url pagination_params(min_id: pagination_since_id)
end
api_v1_account_statuses_url pagination_params(min_id: pagination_since_id) unless @statuses.empty?
end
def records_continue?

7
app/controllers/api/v1/accounts_controller.rb
View file

@ -18,6 +18,7 @@ class Api::V1::AccountsController < Api::BaseController
override_rate_limit_headers :follow, family: :follows
def show
cache_if_unauthenticated!
render json: @account, serializer: REST::AccountSerializer
end
@ -30,7 +31,7 @@ class Api::V1::AccountsController < Api::BaseController
self.response_body = Oj.dump(response.body)
self.status = response.status
rescue ActiveRecord::RecordInvalid => e
render json: ValidationErrorFormatter.new(e, 'account.username': :username, 'invite_request.text': :reason).as_json, status: :unprocessable_entity
render json: ValidationErrorFormatter.new(e, 'account.username': :username, 'invite_request.text': :reason).as_json, status: 422
end
def follow
@ -85,11 +86,11 @@ class Api::V1::AccountsController < Api::BaseController
end
def relationships(**options)
AccountRelationshipsPresenter.new([@account.id], current_user.account_id, **options)
AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
end
def account_params
params.permit(:username, :email, :password, :agreement, :locale, :reason)
params.permit(:username, :email, :password, :agreement, :locale, :reason, :time_zone)
end
def check_enabled_registrations

4
app/controllers/api/v1/admin/accounts_controller.rb
View file

@ -120,9 +120,7 @@ class Api::V1::Admin::AccountsController < Api::BaseController
translated_params[:status] = status.to_s if params[status].present?
end
if params[:staff].present?
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id)
end
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id) if params[:staff].present?
translated_params
end

2
app/controllers/api/v1/admin/canonical_email_blocks_controller.rb
View file

@ -58,7 +58,7 @@ class Api::V1::Admin::CanonicalEmailBlocksController < Api::BaseController
end
def set_canonical_email_blocks_from_test
@canonical_email_blocks = CanonicalEmailBlock.matching_email(params[:email])
@canonical_email_blocks = CanonicalEmailBlock.matching_email(params.require(:email))
end
def set_canonical_email_block

26
app/controllers/api/v1/admin/domain_allows_controller.rb
View file

@ -16,19 +16,6 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
PAGINATION_PARAMS = %i(limit).freeze
def create
authorize :domain_allow, :create?
@domain_allow = DomainAllow.find_by(resource_params)
if @domain_allow.nil?
@domain_allow = DomainAllow.create!(resource_params)
log_action :create, @domain_allow
end
render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
end
def index
authorize :domain_allow, :index?
render json: @domain_allows, each_serializer: REST::Admin::DomainAllowSerializer
@ -39,6 +26,19 @@ class Api::V1::Admin::DomainAllowsController < Api::BaseController
render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
end
def create
authorize :domain_allow, :create?
@domain_allow = DomainAllow.find_by(domain: resource_params[:domain])
if @domain_allow.nil?
@domain_allow = DomainAllow.create!(resource_params)
log_action :create, @domain_allow
end
render json: @domain_allow, serializer: REST::Admin::DomainAllowSerializer
end
def destroy
authorize @domain_allow, :destroy?
UnallowDomainService.new.call(@domain_allow)

20
app/controllers/api/v1/admin/domain_blocks_controller.rb
View file

@ -16,6 +16,16 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
PAGINATION_PARAMS = %i(limit).freeze
def index
authorize :domain_block, :index?
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
end
def show
authorize @domain_block, :show?
render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
end
def create
authorize :domain_block, :create?
@ -29,16 +39,6 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController
render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
end
def index
authorize :domain_block, :index?
render json: @domain_blocks, each_serializer: REST::Admin::DomainBlockSerializer
end
def show
authorize @domain_block, :show?
render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer
end
def update
authorize @domain_block, :update?
@domain_block.update!(domain_block_params)

18
app/controllers/api/v1/admin/email_domain_blocks_controller.rb
View file

@ -18,15 +18,6 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
limit
).freeze
def create
authorize :email_domain_block, :create?
@email_domain_block = EmailDomainBlock.create!(resource_params)
log_action :create, @email_domain_block
render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
end
def index
authorize :email_domain_block, :index?
render json: @email_domain_blocks, each_serializer: REST::Admin::EmailDomainBlockSerializer
@ -37,6 +28,15 @@ class Api::V1::Admin::EmailDomainBlocksController < Api::BaseController
render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
end
def create
authorize :email_domain_block, :create?
@email_domain_block = EmailDomainBlock.create!(resource_params)
log_action :create, @email_domain_block
render json: @email_domain_block, serializer: REST::Admin::EmailDomainBlockSerializer
end
def destroy
authorize @email_domain_block, :destroy?
@email_domain_block.destroy!

14
app/controllers/api/v1/admin/ip_blocks_controller.rb
View file

@ -18,13 +18,6 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
limit
).freeze
def create
authorize :ip_block, :create?
@ip_block = IpBlock.create!(resource_params)
log_action :create, @ip_block
render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
end
def index
authorize :ip_block, :index?
render json: @ip_blocks, each_serializer: REST::Admin::IpBlockSerializer
@ -35,6 +28,13 @@ class Api::V1::Admin::IpBlocksController < Api::BaseController
render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
end
def create
authorize :ip_block, :create?
@ip_block = IpBlock.create!(resource_params)
log_action :create, @ip_block
render json: @ip_block, serializer: REST::Admin::IpBlockSerializer
end
def update
authorize @ip_block, :update?
@ip_block.update(resource_params)

74
app/controllers/api/v1/admin/tags_controller.rb Normal file
View file

@ -0,0 +1,74 @@
# frozen_string_literal: true
class Api::V1::Admin::TagsController < Api::BaseController
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }, only: [:index, :show]
before_action -> { authorize_if_got_token! :'admin:write' }, only: :update
before_action :set_tags, only: :index
before_action :set_tag, except: :index
after_action :insert_pagination_headers, only: :index
after_action :verify_authorized
LIMIT = 100
PAGINATION_PARAMS = %i(limit).freeze
def index
authorize :tag, :index?
render json: @tags, each_serializer: REST::Admin::TagSerializer
end
def show
authorize @tag, :show?
render json: @tag, serializer: REST::Admin::TagSerializer
end
def update
authorize @tag, :update?
@tag.update!(tag_params.merge(reviewed_at: Time.now.utc))
render json: @tag, serializer: REST::Admin::TagSerializer
end
private
def set_tag
@tag = Tag.find(params[:id])
end
def set_tags
@tags = Tag.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
end
def tag_params
params.permit(:display_name, :trendable, :usable, :listable)
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
api_v1_admin_tags_url(pagination_params(max_id: pagination_max_id)) if records_continue?
end
def prev_path
api_v1_admin_tags_url(pagination_params(min_id: pagination_since_id)) unless @tags.empty?
end
def pagination_max_id
@tags.last.id
end
def pagination_since_id
@tags.first.id
end
def records_continue?
@tags.size == limit_param(LIMIT)
end
def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end

72
app/controllers/api/v1/admin/trends/links/preview_card_providers_controller.rb Normal file
View file

@ -0,0 +1,72 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::Links::PreviewCardProvidersController < Api::BaseController
include Authorization
LIMIT = 100
before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
before_action :set_providers, only: :index
after_action :verify_authorized
after_action :insert_pagination_headers, only: :index
PAGINATION_PARAMS = %i(limit).freeze
def index
authorize :preview_card_provider, :index?
render json: @providers, each_serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
end
def approve
authorize :preview_card_provider, :review?
provider = PreviewCardProvider.find(params[:id])
provider.update(trendable: true, reviewed_at: Time.now.utc)
render json: provider, serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
end
def reject
authorize :preview_card_provider, :review?
provider = PreviewCardProvider.find(params[:id])
provider.update(trendable: false, reviewed_at: Time.now.utc)
render json: provider, serializer: REST::Admin::Trends::Links::PreviewCardProviderSerializer
end
private
def set_providers
@providers = PreviewCardProvider.all.to_a_paginated_by_id(limit_param(LIMIT), params_slice(:max_id, :since_id, :min_id))
end
def insert_pagination_headers
set_pagination_headers(next_path, prev_path)
end
def next_path
api_v1_admin_trends_links_preview_card_providers_url(pagination_params(max_id: pagination_max_id)) if records_continue?
end
def prev_path
api_v1_admin_trends_links_preview_card_providers_url(pagination_params(min_id: pagination_since_id)) unless @providers.empty?
end
def pagination_max_id
@providers.last.id
end
def pagination_since_id
@providers.first.id
end
def records_continue?
@providers.size == limit_param(LIMIT)
end
def pagination_params(core_params)
params.slice(*PAGINATION_PARAMS).permit(*PAGINATION_PARAMS).merge(core_params)
end
end

31
app/controllers/api/v1/admin/trends/links_controller.rb
View file

@ -1,7 +1,36 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::LinksController < Api::V1::Trends::LinksController
before_action -> { authorize_if_got_token! :'admin:read' }
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
after_action :verify_authorized, except: :index
def index
if current_user&.can?(:manage_taxonomies)
render json: @links, each_serializer: REST::Admin::Trends::LinkSerializer
else
super
end
end
def approve
authorize :preview_card, :review?
link = PreviewCard.find(params[:id])
link.update(trendable: true)
render json: link, serializer: REST::Admin::Trends::LinkSerializer
end
def reject
authorize :preview_card, :review?
link = PreviewCard.find(params[:id])
link.update(trendable: false)
render json: link, serializer: REST::Admin::Trends::LinkSerializer
end
private

31
app/controllers/api/v1/admin/trends/statuses_controller.rb
View file

@ -1,7 +1,36 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::StatusesController < Api::V1::Trends::StatusesController
before_action -> { authorize_if_got_token! :'admin:read' }
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
after_action :verify_authorized, except: :index
def index
if current_user&.can?(:manage_taxonomies)
render json: @statuses, each_serializer: REST::Admin::Trends::StatusSerializer
else
super
end
end
def approve
authorize [:admin, :status], :review?
status = Status.find(params[:id])
status.update(trendable: true)
render json: status, serializer: REST::Admin::Trends::StatusSerializer
end
def reject
authorize [:admin, :status], :review?
status = Status.find(params[:id])
status.update(trendable: false)
render json: status, serializer: REST::Admin::Trends::StatusSerializer
end
private

23
app/controllers/api/v1/admin/trends/tags_controller.rb
View file

@ -1,7 +1,12 @@
# frozen_string_literal: true
class Api::V1::Admin::Trends::TagsController < Api::V1::Trends::TagsController
before_action -> { authorize_if_got_token! :'admin:read' }
include Authorization
before_action -> { authorize_if_got_token! :'admin:read' }, only: :index
before_action -> { authorize_if_got_token! :'admin:write' }, except: :index
after_action :verify_authorized, except: :index
def index
if current_user&.can?(:manage_taxonomies)
@ -11,6 +16,22 @@ class Api::V1::Admin::Trends::TagsController < Api::V1::Trends::TagsController
end
end
def approve
authorize :tag, :review?
tag = Tag.find(params[:id])
tag.update(trendable: true, reviewed_at: Time.now.utc)
render json: tag, serializer: REST::Admin::TagSerializer
end
def reject
authorize :tag, :review?
tag = Tag.find(params[:id])
tag.update(trendable: false, reviewed_at: Time.now.utc)
render json: tag, serializer: REST::Admin::TagSerializer
end
private
def enabled?

4
app/controllers/api/v1/announcements_controller.rb
View file

@ -18,9 +18,7 @@ class Api::V1::AnnouncementsController < Api::BaseController
private
def set_announcements
@announcements = begin
Announcement.published.chronological
end
@announcements = Announcement.published.chronological
end
def set_announcement

8
app/controllers/api/v1/blocks_controller.rb
View file

@ -33,15 +33,11 @@ class Api::V1::BlocksController < Api::BaseController
end
def next_path
if records_continue?
api_v1_blocks_url pagination_params(max_id: pagination_max_id)
end
api_v1_blocks_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless paginated_blocks.empty?
api_v1_blocks_url pagination_params(since_id: pagination_since_id)
end
api_v1_blocks_url pagination_params(since_id: pagination_since_id) unless paginated_blocks.empty?
end
def pagination_max_id

2
app/controllers/api/v1/bookmarks_controller.rb
View file

@ -21,7 +21,7 @@ class Api::V1::BookmarksController < Api::BaseController
end
def results
@_results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
@results ||= account_bookmarks.joins(:status).eager_load(:status).to_a_paginated_by_id(
limit_param(DEFAULT_STATUSES_LIMIT),
params_slice(:max_id, :since_id, :min_id)
)

13
app/controllers/api/v1/conversations_controller.rb
View file

@ -19,6 +19,11 @@ class Api::V1::ConversationsController < Api::BaseController
render json: @conversation, serializer: REST::ConversationSerializer
end
def unread
@conversation.update!(unread: true)
render json: @conversation, serializer: REST::ConversationSerializer
end
def destroy
@conversation.destroy!
render_empty
@ -53,15 +58,11 @@ class Api::V1::ConversationsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_conversations_url pagination_params(max_id: pagination_max_id)
end
api_v1_conversations_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @conversations.empty?
api_v1_conversations_url pagination_params(min_id: pagination_since_id)
end
api_v1_conversations_url pagination_params(min_id: pagination_since_id) unless @conversations.empty?
end
def pagination_max_id

4
app/controllers/api/v1/custom_emojis_controller.rb
View file

@ -1,10 +1,10 @@
# frozen_string_literal: true
class Api::V1::CustomEmojisController < Api::BaseController
skip_before_action :set_cache_headers
vary_by '', unless: :disallow_unauthenticated_api_access?
def index
expires_in 3.minutes, public: true
cache_even_if_authenticated! unless disallow_unauthenticated_api_access?
render_with_cache(each_serializer: REST::CustomEmojiSerializer) { CustomEmoji.listed.includes(:category) }
end
end

39
app/controllers/api/v1/directories_controller.rb
View file

@ -5,6 +5,7 @@ class Api::V1::DirectoriesController < Api::BaseController
before_action :set_accounts
def show
cache_if_unauthenticated!
render json: @accounts, each_serializer: REST::AccountSerializer
end
@ -15,16 +16,42 @@ class Api::V1::DirectoriesController < Api::BaseController
end
def set_accounts
@accounts = accounts_scope.offset(params[:offset]).limit(limit_param(DEFAULT_ACCOUNTS_LIMIT))
with_read_replica do
@accounts = accounts_scope.offset(params[:offset]).limit(limit_param(DEFAULT_ACCOUNTS_LIMIT))
end
end
def accounts_scope
Account.discoverable.tap do |scope|
scope.merge!(Account.local) if truthy_param?(:local)
scope.merge!(Account.by_recent_status) if params[:order].blank? || params[:order] == 'active'
scope.merge!(Account.order(id: :desc)) if params[:order] == 'new'
scope.merge!(Account.not_excluded_by_account(current_account)) if current_account
scope.merge!(Account.not_domain_blocked_by_account(current_account)) if current_account && !truthy_param?(:local)
scope.merge!(account_order_scope)
scope.merge!(local_account_scope) if local_accounts?
scope.merge!(account_exclusion_scope) if current_account
scope.merge!(account_domain_block_scope) if current_account && !local_accounts?
end
end
def local_accounts?
truthy_param?(:local)
end
def account_order_scope
case params[:order]
when 'new'
Account.order(id: :desc)
when 'active', nil
Account.by_recent_status
end
end
def local_account_scope
Account.local
end
def account_exclusion_scope
Account.not_excluded_by_account(current_account)
end
def account_domain_block_scope
Account.not_domain_blocked_by_account(current_account)
end
end

8
app/controllers/api/v1/domain_blocks_controller.rb
View file

@ -43,15 +43,11 @@ class Api::V1::DomainBlocksController < Api::BaseController
end
def next_path
if records_continue?
api_v1_domain_blocks_url pagination_params(max_id: pagination_max_id)
end
api_v1_domain_blocks_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @blocks.empty?
api_v1_domain_blocks_url pagination_params(since_id: pagination_since_id)
end
api_v1_domain_blocks_url pagination_params(since_id: pagination_since_id) unless @blocks.empty?
end
def pagination_max_id

16
app/controllers/api/v1/emails/confirmations_controller.rb
View file

@ -1,9 +1,11 @@
# frozen_string_literal: true
class Api::V1::Emails::ConfirmationsController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
before_action :require_user_owned_by_application!
before_action :require_user_not_confirmed!
before_action -> { authorize_if_got_token! :read, :'read:accounts' }, only: :check
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, except: :check
before_action :require_user_owned_by_application!, except: :check
before_action :require_user_not_confirmed!, except: :check
before_action :require_authenticated_user!, only: :check
def create
current_user.update!(email: params[:email]) if params.key?(:email)
@ -12,13 +14,17 @@ class Api::V1::Emails::ConfirmationsController < Api::BaseController
render_empty
end
def check
render json: current_user.confirmed?
end
private
def require_user_owned_by_application!
render json: { error: 'This method is only available to the application the user originally signed-up with' }, status: :forbidden unless current_user && current_user.created_by_application_id == doorkeeper_token.application_id
render json: { error: 'This method is only available to the application the user originally signed-up with' }, status: 403 unless current_user && current_user.created_by_application_id == doorkeeper_token.application_id
end
def require_user_not_confirmed!
render json: { error: 'This method is only available while the e-mail is awaiting confirmation' }, status: :forbidden unless !current_user.confirmed? || current_user.unconfirmed_email.present?
render json: { error: 'This method is only available while the e-mail is awaiting confirmation' }, status: 403 unless !current_user.confirmed? || current_user.unconfirmed_email.present?
end
end

8
app/controllers/api/v1/endorsements_controller.rb
View file

@ -35,17 +35,13 @@ class Api::V1::EndorsementsController < Api::BaseController
def next_path
return if unlimited?
if records_continue?
api_v1_endorsements_url pagination_params(max_id: pagination_max_id)
end
api_v1_endorsements_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
return if unlimited?
unless @accounts.empty?
api_v1_endorsements_url pagination_params(since_id: pagination_since_id)
end
api_v1_endorsements_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

10
app/controllers/api/v1/favourites_controller.rb
View file

@ -21,7 +21,7 @@ class Api::V1::FavouritesController < Api::BaseController
end
def results
@_results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
@results ||= account_favourites.joins(:status).eager_load(:status).to_a_paginated_by_id(
limit_param(DEFAULT_STATUSES_LIMIT),
params_slice(:max_id, :since_id, :min_id)
)
@ -36,15 +36,11 @@ class Api::V1::FavouritesController < Api::BaseController
end
def next_path
if records_continue?
api_v1_favourites_url pagination_params(max_id: pagination_max_id)
end
api_v1_favourites_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless results.empty?
api_v1_favourites_url pagination_params(min_id: pagination_since_id)
end
api_v1_favourites_url pagination_params(min_id: pagination_since_id) unless results.empty?
end
def pagination_max_id

6
app/controllers/api/v1/featured_tags_controller.rb
View file

@ -13,7 +13,7 @@ class Api::V1::FeaturedTagsController < Api::BaseController
end
def create
featured_tag = CreateFeaturedTagService.new.call(current_account, featured_tag_params[:name])
featured_tag = CreateFeaturedTagService.new.call(current_account, params.require(:name))
render json: featured_tag, serializer: REST::FeaturedTagSerializer
end
@ -31,8 +31,4 @@ class Api::V1::FeaturedTagsController < Api::BaseController
def set_featured_tags
@featured_tags = current_account.featured_tags.order(statuses_count: :desc)
end
def featured_tag_params
params.permit(:name)
end
end

8
app/controllers/api/v1/filters_controller.rb
View file

@ -11,6 +11,10 @@ class Api::V1::FiltersController < Api::BaseController
render json: @filters, each_serializer: REST::V1::FilterSerializer
end
def show
render json: @filter, serializer: REST::V1::FilterSerializer
end
def create
ApplicationRecord.transaction do
filter_category = current_account.custom_filters.create!(filter_params)
@ -20,10 +24,6 @@ class Api::V1::FiltersController < Api::BaseController
render json: @filter, serializer: REST::V1::FilterSerializer
end
def show
render json: @filter, serializer: REST::V1::FilterSerializer
end
def update
ApplicationRecord.transaction do
@filter.update!(keyword_params)

12
app/controllers/api/v1/follow_requests_controller.rb
View file

@ -25,11 +25,11 @@ class Api::V1::FollowRequestsController < Api::BaseController
private
def account
Account.find(params[:id])
@account ||= Account.find(params[:id])
end
def relationships(**options)
AccountRelationshipsPresenter.new([params[:id]], current_user.account_id, **options)
AccountRelationshipsPresenter.new([account], current_user.account_id, **options)
end
def load_accounts
@ -53,15 +53,11 @@ class Api::V1::FollowRequestsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_follow_requests_url pagination_params(max_id: pagination_max_id)
end
api_v1_follow_requests_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @accounts.empty?
api_v1_follow_requests_url pagination_params(since_id: pagination_since_id)
end
api_v1_follow_requests_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

9
app/controllers/api/v1/instances/activity_controller.rb
View file

@ -3,11 +3,12 @@
class Api::V1::Instances::ActivityController < Api::BaseController
before_action :require_enabled_api!
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
vary_by ''
def show
expires_in 1.day, public: true
cache_even_if_authenticated!
render_with_cache json: :activity, expires_in: 1.day
end
@ -32,6 +33,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
end
def require_enabled_api!
head 404 unless Setting.activity_api_enabled && !whitelist_mode?
head 404 unless Setting.activity_api_enabled && !limited_federation_mode?
end
end

11
app/controllers/api/v1/instances/domain_blocks_controller.rb
View file

@ -1,13 +1,20 @@
# frozen_string_literal: true
class Api::V1::Instances::DomainBlocksController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
before_action :require_enabled_api!
before_action :set_domain_blocks
vary_by '', if: -> { Setting.show_domain_blocks == 'all' }
def index
expires_in 3.minutes, public: true
if Setting.show_domain_blocks == 'all'
cache_even_if_authenticated!
else
cache_if_unauthenticated!
end
render json: @domain_blocks, each_serializer: REST::DomainBlockSerializer, with_comment: (Setting.show_domain_blocks_rationale == 'all' || (Setting.show_domain_blocks_rationale == 'users' && user_signed_in?))
end

12
app/controllers/api/v1/instances/extended_descriptions_controller.rb
View file

@ -1,12 +1,20 @@
# frozen_string_literal: true
class Api::V1::Instances::ExtendedDescriptionsController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
before_action :set_extended_description
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if limited_federation_mode?
end
def show
expires_in 3.minutes, public: true
cache_even_if_authenticated!
render json: @extended_description, serializer: REST::ExtendedDescriptionSerializer
end

21
app/controllers/api/v1/instances/languages_controller.rb Normal file
View file

@ -0,0 +1,21 @@
# frozen_string_literal: true
class Api::V1::Instances::LanguagesController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
before_action :set_languages
vary_by ''
def show
cache_even_if_authenticated!
render json: @languages, each_serializer: REST::LanguageSerializer
end
private
def set_languages
@languages = LanguagesHelper::SUPPORTED_LOCALES.keys.map { |code| LanguagePresenter.new(code) }
end
end

17
app/controllers/api/v1/instances/peers_controller.rb
View file

@ -3,17 +3,24 @@
class Api::V1::Instances::PeersController < Api::BaseController
before_action :require_enabled_api!
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if limited_federation_mode?
end
def index
expires_in 1.day, public: true
render_with_cache(expires_in: 1.day) { Instance.where.not(domain: DomainBlock.select(:domain)).pluck(:domain) }
cache_even_if_authenticated!
render_with_cache(expires_in: 1.day) { Instance.searchable.pluck(:domain) }
end
private
def require_enabled_api!
head 404 unless Setting.peers_api_enabled && !whitelist_mode?
head 404 unless Setting.peers_api_enabled && !limited_federation_mode?
end
end

6
app/controllers/api/v1/instances/privacy_policies_controller.rb
View file

@ -1,12 +1,14 @@
# frozen_string_literal: true
class Api::V1::Instances::PrivacyPoliciesController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
before_action :set_privacy_policy
vary_by ''
def show
expires_in 1.day, public: true
cache_even_if_authenticated!
render json: @privacy_policy, serializer: REST::PrivacyPolicySerializer
end

11
app/controllers/api/v1/instances/rules_controller.rb
View file

@ -1,11 +1,20 @@
# frozen_string_literal: true
class Api::V1::Instances::RulesController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
before_action :set_rules
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if limited_federation_mode?
end
def index
cache_even_if_authenticated!
render json: @rules, each_serializer: REST::RuleSerializer
end

25
app/controllers/api/v1/instances/translation_languages_controller.rb Normal file
View file

@ -0,0 +1,25 @@
# frozen_string_literal: true
class Api::V1::Instances::TranslationLanguagesController < Api::BaseController
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
before_action :set_languages
vary_by ''
def show
cache_even_if_authenticated!
render json: @languages
end
private
def set_languages
if TranslationService.configured?
@languages = Rails.cache.fetch('translation_service/languages', expires_in: 7.days, race_condition_ttl: 1.hour) { TranslationService.configured.languages }
@languages['und'] = @languages.delete(nil) if @languages.key?(nil)
else
@languages = {}
end
end
end

13
app/controllers/api/v1/instances_controller.rb
View file

@ -1,11 +1,18 @@
# frozen_string_literal: true
class Api::V1::InstancesController < Api::BaseController
skip_before_action :set_cache_headers
skip_before_action :require_authenticated_user!, unless: :whitelist_mode?
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
vary_by ''
# Override `current_user` to avoid reading session cookies unless in whitelist mode
def current_user
super if limited_federation_mode?
end
def show
expires_in 3.minutes, public: true
cache_even_if_authenticated!
render_with_cache json: InstancePresenter.new, serializer: REST::V1::InstanceSerializer, root: 'instance'
end
end

8
app/controllers/api/v1/lists/accounts_controller.rb
View file

@ -62,17 +62,13 @@ class Api::V1::Lists::AccountsController < Api::BaseController
def next_path
return if unlimited?
if records_continue?
api_v1_list_accounts_url pagination_params(max_id: pagination_max_id)
end
api_v1_list_accounts_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
return if unlimited?
unless @accounts.empty?
api_v1_list_accounts_url pagination_params(since_id: pagination_since_id)
end
api_v1_list_accounts_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

2
app/controllers/api/v1/lists_controller.rb
View file

@ -42,6 +42,6 @@ class Api::V1::ListsController < Api::BaseController
end
def list_params
params.permit(:title, :replies_policy)
params.permit(:title, :replies_policy, :exclusive)
end
end

5
app/controllers/api/v1/markers_controller.rb
View file

@ -7,7 +7,10 @@ class Api::V1::MarkersController < Api::BaseController
before_action :require_user!
def index
@markers = current_user.markers.where(timeline: Array(params[:timeline])).index_by(&:timeline)
with_read_replica do
@markers = current_user.markers.where(timeline: Array(params[:timeline])).index_by(&:timeline)
end
render json: serialize_map(@markers)
end

11
app/controllers/api/v1/media_controller.rb
View file

@ -6,19 +6,20 @@ class Api::V1::MediaController < Api::BaseController
before_action :set_media_attachment, except: [:create]
before_action :check_processing, except: [:create]
def show
render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
end
def create
@media_attachment = current_account.media_attachments.create!(media_attachment_params)
render json: @media_attachment, serializer: REST::MediaAttachmentSerializer
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: file_type_error, status: 422
rescue Paperclip::Error
rescue Paperclip::Error => e
Rails.logger.error "#{e.class}: #{e.message}"
render json: processing_error, status: 500
end
def show
render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment
end
def update
@media_attachment.update!(updateable_media_attachment_params)
render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: status_code_for_media_attachment

8
app/controllers/api/v1/mutes_controller.rb
View file

@ -33,15 +33,11 @@ class Api::V1::MutesController < Api::BaseController
end
def next_path
if records_continue?
api_v1_mutes_url pagination_params(max_id: pagination_max_id)
end
api_v1_mutes_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless paginated_mutes.empty?
api_v1_mutes_url pagination_params(since_id: pagination_since_id)
end
api_v1_mutes_url pagination_params(since_id: pagination_since_id) unless paginated_mutes.empty?
end
def pagination_max_id

18
app/controllers/api/v1/notifications_controller.rb
View file

@ -9,8 +9,12 @@ class Api::V1::NotificationsController < Api::BaseController
DEFAULT_NOTIFICATIONS_LIMIT = 40
def index
@notifications = load_notifications
render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
with_read_replica do
@notifications = load_notifications
@relationships = StatusRelationshipsPresenter.new(target_statuses_from_notifications, current_user&.account_id)
end
render json: @notifications, each_serializer: REST::NotificationSerializer, relationships: @relationships
end
def show
@ -24,7 +28,7 @@ class Api::V1::NotificationsController < Api::BaseController
end
def dismiss
current_account.notifications.find_by!(id: params[:id]).destroy!
current_account.notifications.find(params[:id]).destroy!
render_empty
end
@ -58,15 +62,11 @@ class Api::V1::NotificationsController < Api::BaseController
end
def next_path
unless @notifications.empty?
api_v1_notifications_url pagination_params(max_id: pagination_max_id)
end
api_v1_notifications_url pagination_params(max_id: pagination_max_id) unless @notifications.empty?
end
def prev_path
unless @notifications.empty?
api_v1_notifications_url pagination_params(min_id: pagination_since_id)
end
api_v1_notifications_url pagination_params(min_id: pagination_since_id) unless @notifications.empty?
end
def pagination_max_id

47
app/controllers/api/v1/peers/search_controller.rb Normal file
View file

@ -0,0 +1,47 @@
# frozen_string_literal: true
class Api::V1::Peers::SearchController < Api::BaseController
before_action :require_enabled_api!
before_action :set_domains
skip_before_action :require_authenticated_user!, unless: :limited_federation_mode?
skip_around_action :set_locale
vary_by ''
def index
cache_even_if_authenticated!
render json: @domains
end
private
def require_enabled_api!
head 404 unless Setting.peers_api_enabled && !limited_federation_mode?
end
def set_domains
return if params[:q].blank?
if Chewy.enabled?
@domains = InstancesIndex.query(function_score: {
query: {
prefix: {
domain: TagManager.instance.normalize_domain(params[:q].strip),
},
},
field_value_factor: {
field: 'accounts_count',
modifier: 'log2p',
},
}).limit(10).pluck(:domain)
else
domain = params[:q].strip
domain = TagManager.instance.normalize_domain(domain)
@domains = Instance.searchable.where(Instance.arel_table[:domain].matches("#{Instance.sanitize_sql_like(domain)}%", false, true)).limit(10).pluck(:domain)
end
rescue Addressable::URI::InvalidURIError
@domains = []
end
end

1
app/controllers/api/v1/polls_controller.rb
View file

@ -8,6 +8,7 @@ class Api::V1::PollsController < Api::BaseController
before_action :refresh_poll
def show
cache_if_unauthenticated!
render json: @poll, serializer: REST::PollSerializer, include_results: true
end

13
app/controllers/api/v1/profile/avatars_controller.rb Normal file
View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
class Api::V1::Profile::AvatarsController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
before_action :require_user!
def destroy
@account = current_account
UpdateAccountService.new.call(@account, { avatar: nil }, raise_error: true)
ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
render json: @account, serializer: REST::CredentialAccountSerializer
end
end

13
app/controllers/api/v1/profile/headers_controller.rb Normal file
View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
class Api::V1::Profile::HeadersController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }
before_action :require_user!
def destroy
@account = current_account
UpdateAccountService.new.call(@account, { header: nil }, raise_error: true)
ActivityPub::UpdateDistributionWorker.perform_async(@account.id)
render json: @account, serializer: REST::CredentialAccountSerializer
end
end

8
app/controllers/api/v1/push/subscriptions_controller.rb
View file

@ -6,6 +6,10 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
before_action :set_push_subscription
before_action :check_push_subscription, only: [:show, :update]
def show
render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer
end
def create
@push_subscription&.destroy!
@ -21,10 +25,6 @@ class Api::V1::Push::SubscriptionsController < Api::BaseController
render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer
end
def show
render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer
end
def update
@push_subscription.update!(data: data_params)
render json: @push_subscription, serializer: REST::WebPushSubscriptionSerializer

2
app/controllers/api/v1/reports_controller.rb
View file

@ -23,6 +23,6 @@ class Api::V1::ReportsController < Api::BaseController
end
def report_params
params.permit(:account_id, :comment, :category, :forward, status_ids: [], rule_ids: [])
params.permit(:account_id, :comment, :category, :forward, forward_to_domains: [], status_ids: [], rule_ids: [])
end
end

8
app/controllers/api/v1/scheduled_statuses_controller.rb
View file

@ -53,15 +53,11 @@ class Api::V1::ScheduledStatusesController < Api::BaseController
end
def next_path
if records_continue?
api_v1_scheduled_statuses_url pagination_params(max_id: pagination_max_id)
end
api_v1_scheduled_statuses_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @statuses.empty?
api_v1_scheduled_statuses_url pagination_params(min_id: pagination_since_id)
end
api_v1_scheduled_statuses_url pagination_params(min_id: pagination_since_id) unless @statuses.empty?
end
def records_continue?

9
app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
View file

@ -8,6 +8,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
after_action :insert_pagination_headers
def index
cache_if_unauthenticated!
@accounts = load_accounts
render json: @accounts, each_serializer: REST::AccountSerializer
end
@ -41,15 +42,11 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_status_favourited_by_index_url pagination_params(max_id: pagination_max_id)
end
api_v1_status_favourited_by_index_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @accounts.empty?
api_v1_status_favourited_by_index_url pagination_params(since_id: pagination_since_id)
end
api_v1_status_favourited_by_index_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

5
app/controllers/api/v1/statuses/favourites_controller.rb
View file

@ -17,13 +17,16 @@ class Api::V1::Statuses::FavouritesController < Api::BaseController
if fav
@status = fav.status
count = [@status.favourites_count - 1, 0].max
UnfavouriteWorker.perform_async(current_account.id, @status.id)
else
@status = Status.find(params[:status_id])
count = @status.favourites_count
authorize @status, :show?
end
render json: @status, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false })
relationships = StatusRelationshipsPresenter.new([@status], current_account.id, favourites_map: { @status.id => false }, attributes_map: { @status.id => { favourites_count: count } })
render json: @status, serializer: REST::StatusSerializer, relationships: relationships
rescue Mastodon::NotPermittedError
not_found
end

1
app/controllers/api/v1/statuses/histories_controller.rb
View file

@ -7,6 +7,7 @@ class Api::V1::Statuses::HistoriesController < Api::BaseController
before_action :set_status
def show
cache_if_unauthenticated!
render json: status_edits, each_serializer: REST::StatusEditSerializer
end

9
app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb
View file

@ -8,6 +8,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
after_action :insert_pagination_headers
def index
cache_if_unauthenticated!
@accounts = load_accounts
render json: @accounts, each_serializer: REST::AccountSerializer
end
@ -37,15 +38,11 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController
end
def next_path
if records_continue?
api_v1_status_reblogged_by_index_url pagination_params(max_id: pagination_max_id)
end
api_v1_status_reblogged_by_index_url pagination_params(max_id: pagination_max_id) if records_continue?
end
def prev_path
unless @accounts.empty?
api_v1_status_reblogged_by_index_url pagination_params(since_id: pagination_since_id)
end
api_v1_status_reblogged_by_index_url pagination_params(since_id: pagination_since_id) unless @accounts.empty?
end
def pagination_max_id

9
app/controllers/api/v1/statuses/reblogs_controller.rb
View file

@ -12,7 +12,7 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
override_rate_limit_headers :create, family: :statuses
def create
with_lock("reblog:#{current_account.id}:#{@reblog.id}") do
with_redis_lock("reblog:#{current_account.id}:#{@reblog.id}") do
@status = ReblogService.new.call(current_account, @reblog, reblog_params)
end
@ -24,15 +24,18 @@ class Api::V1::Statuses::ReblogsController < Api::BaseController
if @status
authorize @status, :unreblog?
@reblog = @status.reblog
count = [@reblog.reblogs_count - 1, 0].max
@status.discard
RemovalWorker.perform_async(@status.id)
@reblog = @status.reblog
else
@reblog = Status.find(params[:status_id])
count = @reblog.reblogs_count
authorize @reblog, :show?
end
render json: @reblog, serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false })
relationships = StatusRelationshipsPresenter.new([@status], current_account.id, reblogs_map: { @reblog.id => false }, attributes_map: { @reblog.id => { reblogs_count: count } })
render json: @reblog, serializer: REST::StatusSerializer, relationships: relationships
rescue Mastodon::NotPermittedError
not_found
end

10
app/controllers/api/v1/statuses/translations_controller.rb
View file

@ -9,7 +9,15 @@ class Api::V1::Statuses::TranslationsController < Api::BaseController
before_action :set_translation
rescue_from TranslationService::NotConfiguredError, with: :not_found
rescue_from TranslationService::UnexpectedResponseError, TranslationService::QuotaExceededError, TranslationService::TooManyRequestsError, with: :service_unavailable
rescue_from TranslationService::UnexpectedResponseError, with: :service_unavailable
rescue_from TranslationService::QuotaExceededError do
render json: { error: I18n.t('translation.errors.quota_exceeded') }, status: 503
end
rescue_from TranslationService::TooManyRequestsError do
render json: { error: I18n.t('translation.errors.too_many_requests') }, status: 503
end
def create
render json: @translation, serializer: REST::TranslationSerializer

11
app/controllers/api/v1/statuses_controller.rb
View file

@ -24,11 +24,14 @@ class Api::V1::StatusesController < Api::BaseController
DESCENDANTS_DEPTH_LIMIT = 20
def show
cache_if_unauthenticated!
@status = cache_collection([@status], Status).first
render json: @status, serializer: REST::StatusSerializer
end
def context
cache_if_unauthenticated!
ancestors_limit = CONTEXT_LIMIT
descendants_limit = CONTEXT_LIMIT
descendants_depth_limit = nil
@ -63,11 +66,18 @@ class Api::V1::StatusesController < Api::BaseController
scheduled_at: status_params[:scheduled_at],
application: doorkeeper_token.application,
poll: status_params[:poll],
allowed_mentions: status_params[:allowed_mentions],
idempotency: request.headers['Idempotency-Key'],
with_rate_limit: true
)
render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
rescue PostStatusService::UnexpectedMentionsError => e
unexpected_accounts = ActiveModel::Serializer::CollectionSerializer.new(
e.accounts,
serializer: REST::AccountSerializer
)
render json: { error: e.message, unexpected_accounts: unexpected_accounts }, status: 422
end
def update
@ -128,6 +138,7 @@ class Api::V1::StatusesController < Api::BaseController
:visibility,
:language,
:scheduled_at,
allowed_mentions: [],
media_ids: [],
media_attributes: [
:id,

2
app/controllers/api/v1/streaming_controller.rb
View file

@ -5,7 +5,7 @@ class Api::V1::StreamingController < Api::BaseController
if same_host?
not_found
else
redirect_to streaming_api_url, status: 301
redirect_to streaming_api_url, status: 301, allow_other_host: true
end
end

3
app/controllers/api/v1/tags_controller.rb
View file

@ -8,6 +8,7 @@ class Api::V1::TagsController < Api::BaseController
override_rate_limit_headers :follow, family: :follows
def show
cache_if_unauthenticated!
render json: @tag, serializer: REST::TagSerializer
end
@ -18,6 +19,7 @@ class Api::V1::TagsController < Api::BaseController
def unfollow
TagFollow.find_by(account: current_account, tag: @tag)&.destroy!
TagUnmergeWorker.perform_async(@tag.id, current_account.id)
render json: @tag, serializer: REST::TagSerializer
end
@ -25,6 +27,7 @@ class Api::V1::TagsController < Api::BaseController
def set_or_create_tag
return not_found unless Tag::HASHTAG_NAME_RE.match?(params[:id])
@tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id])
end
end

7
app/controllers/api/v1/timelines/home_controller.rb
View file

@ -6,11 +6,14 @@ class Api::V1::Timelines::HomeController < Api::BaseController
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
def show
@statuses = load_statuses
with_read_replica do
@statuses = load_statuses
@relationships = StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
end
render json: @statuses,
each_serializer: REST::StatusSerializer,
relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id),
relationships: @relationships,
status: account_home_feed.regenerating? ? 206 : 200
end

1
app/controllers/api/v1/timelines/public_controller.rb
View file

@ -6,6 +6,7 @@ class Api::V1::Timelines::PublicController < Api::BaseController
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
def show
cache_if_unauthenticated!
@statuses = load_statuses
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
end

1
app/controllers/api/v1/timelines/tag_controller.rb
View file

@ -7,6 +7,7 @@ class Api::V1::Timelines::TagController < Api::BaseController
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
def show
cache_if_unauthenticated!
@statuses = load_statuses
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
end

15
app/controllers/api/v1/trends/links_controller.rb
View file

@ -1,6 +1,8 @@
# frozen_string_literal: true
class Api::V1::Trends::LinksController < Api::BaseController
vary_by 'Authorization, Accept-Language'
before_action :set_links
after_action :insert_pagination_headers
@ -8,6 +10,7 @@ class Api::V1::Trends::LinksController < Api::BaseController
DEFAULT_LINKS_LIMIT = 10
def index
cache_if_unauthenticated!
render json: @links, each_serializer: REST::Trends::LinkSerializer
end
@ -18,13 +21,11 @@ class Api::V1::Trends::LinksController < Api::BaseController
end
def set_links
@links = begin
if enabled?
links_from_trends.offset(offset_param).limit(limit_param(DEFAULT_LINKS_LIMIT))
else
[]
end
end
@links = if enabled?
links_from_trends.offset(offset_param).limit(limit_param(DEFAULT_LINKS_LIMIT))
else
[]
end
end
def links_from_trends

15
app/controllers/api/v1/trends/statuses_controller.rb
View file

@ -1,11 +1,14 @@
# frozen_string_literal: true
class Api::V1::Trends::StatusesController < Api::BaseController
vary_by 'Authorization, Accept-Language'
before_action :set_statuses
after_action :insert_pagination_headers
def index
cache_if_unauthenticated!
render json: @statuses, each_serializer: REST::StatusSerializer
end
@ -16,13 +19,11 @@ class Api::V1::Trends::StatusesController < Api::BaseController
end
def set_statuses
@statuses = begin
if enabled?
cache_collection(statuses_from_trends.offset(offset_param).limit(limit_param(DEFAULT_STATUSES_LIMIT)), Status)
else
[]
end
end
@statuses = if enabled?
cache_collection(statuses_from_trends.offset(offset_param).limit(limit_param(DEFAULT_STATUSES_LIMIT)), Status)
else
[]
end
end
def statuses_from_trends

13
app/controllers/api/v1/trends/tags_controller.rb
View file

@ -8,6 +8,7 @@ class Api::V1::Trends::TagsController < Api::BaseController
DEFAULT_TAGS_LIMIT = 10
def index
cache_if_unauthenticated!
render json: @tags, each_serializer: REST::TagSerializer, relationships: TagRelationshipsPresenter.new(@tags, current_user&.account_id)
end
@ -18,13 +19,11 @@ class Api::V1::Trends::TagsController < Api::BaseController
end
def set_tags
@tags = begin
if enabled?
tags_from_trends.offset(offset_param).limit(limit_param(DEFAULT_TAGS_LIMIT))
else
[]
end
end
@tags = if enabled?
tags_from_trends.offset(offset_param).limit(limit_param(DEFAULT_TAGS_LIMIT))
else
[]
end
end
def tags_from_trends

4
app/controllers/api/v2/admin/accounts_controller.rb
View file

@ -33,9 +33,7 @@ class Api::V2::Admin::AccountsController < Api::V1::Admin::AccountsController
def translated_filter_params
translated_params = filter_params.slice(*AccountFilter::KEYS)
if params[:permissions] == 'staff'
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id)
end
translated_params[:role_ids] = UserRole.that_can(:manage_reports).map(&:id) if params[:permissions] == 'staff'
translated_params
end

8
app/controllers/api/v2/filters/keywords_controller.rb
View file

@ -12,13 +12,13 @@ class Api::V2::Filters::KeywordsController < Api::BaseController
render json: @keywords, each_serializer: REST::FilterKeywordSerializer
end
def create
@keyword = current_account.custom_filters.find(params[:filter_id]).keywords.create!(resource_params)
def show
render json: @keyword, serializer: REST::FilterKeywordSerializer
end
def show
def create
@keyword = current_account.custom_filters.find(params[:filter_id]).keywords.create!(resource_params)
render json: @keyword, serializer: REST::FilterKeywordSerializer
end

8
app/controllers/api/v2/filters/statuses_controller.rb
View file

@ -12,13 +12,13 @@ class Api::V2::Filters::StatusesController < Api::BaseController
render json: @status_filters, each_serializer: REST::FilterStatusSerializer
end
def create
@status_filter = current_account.custom_filters.find(params[:filter_id]).statuses.create!(resource_params)
def show
render json: @status_filter, serializer: REST::FilterStatusSerializer
end
def show
def create
@status_filter = current_account.custom_filters.find(params[:filter_id]).statuses.create!(resource_params)
render json: @status_filter, serializer: REST::FilterStatusSerializer
end

8
app/controllers/api/v2/filters_controller.rb
View file

@ -11,13 +11,13 @@ class Api::V2::FiltersController < Api::BaseController
render json: @filters, each_serializer: REST::FilterSerializer, rules_requested: true
end
def create
@filter = current_account.custom_filters.create!(resource_params)
def show
render json: @filter, serializer: REST::FilterSerializer, rules_requested: true
end
def show
def create
@filter = current_account.custom_filters.create!(resource_params)
render json: @filter, serializer: REST::FilterSerializer, rules_requested: true
end

2
app/controllers/api/v2/instances_controller.rb
View file

@ -2,7 +2,7 @@
class Api::V2::InstancesController < Api::V1::InstancesController
def show
expires_in 3.minutes, public: true
cache_even_if_authenticated!
render_with_cache json: InstancePresenter.new, serializer: REST::InstanceSerializer, root: 'instance'
end
end

3
app/controllers/api/v2/media_controller.rb
View file

@ -6,7 +6,8 @@ class Api::V2::MediaController < Api::V1::MediaController
render json: @media_attachment, serializer: REST::MediaAttachmentSerializer, status: @media_attachment.not_processed? ? 202 : 200
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: file_type_error, status: 422
rescue Paperclip::Error
rescue Paperclip::Error => e
Rails.logger.error "#{e.class}: #{e.message}"
render json: processing_error, status: 500
end
end

4
app/controllers/api/v2/search_controller.rb
View file

@ -34,11 +34,11 @@ class Api::V2::SearchController < Api::BaseController
params[:q],
current_account,
limit_param(RESULTS_LIMIT),
search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed))
search_params.merge(resolve: truthy_param?(:resolve), exclude_unreviewed: truthy_param?(:exclude_unreviewed), following: truthy_param?(:following))
)
end
def search_params
params.permit(:type, :offset, :min_id, :max_id, :account_id)
params.permit(:type, :offset, :min_id, :max_id, :account_id, :following)
end
end

37
app/controllers/api/web/embeds_controller.rb
View file

@ -1,25 +1,36 @@
# frozen_string_literal: true
class Api::Web::EmbedsController < Api::Web::BaseController
before_action :require_user!
include Authorization
def create
status = StatusFinder.new(params[:url]).status
before_action :set_status
return not_found if status.hidden?
def show
return not_found if @status.hidden?
render json: status, serializer: OEmbedSerializer, width: 400
rescue ActiveRecord::RecordNotFound
oembed = FetchOEmbedService.new.call(params[:url])
if @status.local?
render json: @status, serializer: OEmbedSerializer, width: 400
else
return not_found unless user_signed_in?
return not_found if oembed.nil?
url = ActivityPub::TagManager.instance.url_for(@status)
oembed = FetchOEmbedService.new.call(url)
return not_found if oembed.nil?
begin
oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
rescue ArgumentError
return not_found
begin
oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
rescue ArgumentError
return not_found
end
render json: oembed
end
end
render json: oembed
def set_status
@status = Status.find(params[:id])
authorize @status, :show?
rescue Mastodon::NotPermittedError
not_found
end
end

54
app/controllers/application_controller.rb
View file

@ -10,13 +10,19 @@ class ApplicationController < ActionController::Base
include SessionTrackingConcern
include CacheConcern
include DomainControlHelper
include DatabaseHelper
include AuthorizedFetchHelper
helper_method :current_account
helper_method :current_session
helper_method :current_theme
helper_method :single_user_mode?
helper_method :use_seamless_external_login?
helper_method :whitelist_mode?
helper_method :omniauth_only?
helper_method :sso_account_settings
helper_method :limited_federation_mode?
helper_method :body_class_string
helper_method :skip_csrf_meta_tags?
rescue_from ActionController::ParameterMissing, Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request
rescue_from Mastodon::NotPermittedError, with: :forbidden
@ -33,9 +39,11 @@ class ApplicationController < ActionController::Base
service_unavailable
end
before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
before_action :store_referrer, except: :raise_not_found, if: :devise_controller?
before_action :require_functional!, if: :user_signed_in?
before_action :set_cache_control_defaults
skip_before_action :verify_authenticity_token, only: :raise_not_found
def raise_not_found
@ -44,24 +52,35 @@ class ApplicationController < ActionController::Base
private
def authorized_fetch_mode?
ENV['AUTHORIZED_FETCH'] == 'true' || Rails.configuration.x.whitelist_mode
end
def public_fetch_mode?
!authorized_fetch_mode?
end
def store_current_location
store_location_for(:user, request.url) unless [:json, :rss].include?(request.format&.to_sym)
def store_referrer
return if request.referer.blank?
redirect_uri = URI(request.referer)
return if redirect_uri.path.start_with?('/auth')
stored_url = redirect_uri.to_s if redirect_uri.host == request.host && redirect_uri.port == request.port
store_location_for(:user, stored_url)
end
def require_functional!
redirect_to edit_user_registration_path unless current_user.functional?
end
def skip_csrf_meta_tags?
false
end
def after_sign_out_path_for(_resource_or_scope)
new_user_session_path
if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
'/auth/auth/openid_connect/logout'
else
new_user_session_path
end
end
protected
@ -114,6 +133,14 @@ class ApplicationController < ActionController::Base
Devise.pam_authentication || Devise.ldap_authentication
end
def omniauth_only?
ENV['OMNIAUTH_ONLY'] == 'true'
end
def sso_account_settings
ENV.fetch('SSO_ACCOUNT_SETTINGS', nil)
end
def current_account
return @current_account if defined?(@current_account)
@ -128,13 +155,22 @@ class ApplicationController < ActionController::Base
def current_theme
return Setting.theme unless Themes.instance.names.include? current_user&.setting_theme
current_user.setting_theme
end
def body_class_string
@body_classes || ''
end
def respond_with_error(code)
respond_to do |format|
format.any { render "errors/#{code}", layout: 'error', status: code, formats: [:html] }
format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
end
end
def set_cache_control_defaults
response.cache_control.replace(private: true, no_store: true)
end
end

46
app/controllers/auth/confirmations_controller.rb
View file

@ -1,21 +1,63 @@
# frozen_string_literal: true
class Auth::ConfirmationsController < Devise::ConfirmationsController
include CaptchaConcern
layout 'auth'
before_action :set_body_classes
before_action :set_confirmation_user!, only: [:show, :confirm_captcha]
before_action :require_unconfirmed!
before_action :extend_csp_for_captcha!, only: [:show, :confirm_captcha]
before_action :require_captcha_if_needed!, only: [:show]
skip_before_action :require_functional!
def show
old_session_values = session.to_hash
reset_session
session.update old_session_values.except('session_id')
super
end
def new
super
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
end
def confirm_captcha
check_captcha! do |message|
flash.now[:alert] = message
render :captcha
return
end
show
end
private
def require_captcha_if_needed!
render :captcha if captcha_required?
end
def set_confirmation_user!
# We need to reimplement looking up the user because
# Devise::ConfirmationsController#show looks up and confirms in one
# step.
confirmation_token = params[:confirmation_token]
return if confirmation_token.nil?
@confirmation_user = User.find_first_by_auth_conditions(confirmation_token: confirmation_token)
end
def captcha_user_bypass?
return true if @confirmation_user.nil? || @confirmation_user.confirmed?
end
def require_unconfirmed!
if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
redirect_to(current_user.approved? ? root_path : edit_user_registration_path)
@ -41,8 +83,10 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
def after_confirmation_path_for(_resource_name, user)
if user.created_by_application && truthy_param?(:redirect_to_app)
user.created_by_application.confirmation_redirect_uri
elsif user_signed_in?
web_url('start')
else
super
new_user_session_path
end
end
end

41
app/controllers/auth/omniauth_callbacks_controller.rb
View file

@ -5,21 +5,13 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def self.provides_callback_for(provider)
define_method provider do
@provider = provider
@user = User.find_for_omniauth(request.env['omniauth.auth'], current_user)
if @user.persisted?
LoginActivity.create(
user: @user,
success: true,
authentication_method: :omniauth,
provider: provider,
ip: request.remote_ip,
user_agent: request.user_agent
)
record_login_activity
sign_in_and_redirect @user, event: :authentication
label = Devise.omniauth_configs[provider]&.strategy&.display_name.presence || I18n.t("auth.providers.#{provider}", default: provider.to_s.chomp('_oauth2').capitalize)
set_flash_message(:notice, :success, kind: label) if is_navigational_format?
set_flash_message(:notice, :success, kind: label_for_provider) if is_navigational_format?
else
session["devise.#{provider}_data"] = request.env['omniauth.auth']
redirect_to new_user_registration_url
@ -36,9 +28,34 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def after_sign_in_path_for(resource)
if resource.email_present?
root_path
stored_location_for(resource) || root_path
else
auth_setup_path(missing_email: '1')
end
end
private
def record_login_activity
LoginActivity.create(
user: @user,
success: true,
authentication_method: :omniauth,
provider: @provider,
ip: request.remote_ip,
user_agent: request.user_agent
)
end
def label_for_provider
provider_display_name || configured_provider_name
end
def provider_display_name
Devise.omniauth_configs[@provider]&.strategy&.display_name.presence
end
def configured_provider_name
I18n.t("auth.providers.#{@provider}", default: @provider.to_s.chomp('_oauth2').capitalize)
end
end

Some files were not shown because too many files have changed in this diff Show more