logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

account_controller.ex (22095B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.MastodonAPI.AccountController do
  6.   use Pleroma.Web, :controller
  8.   import Pleroma.Web.ControllerHelper,
  9.     only: [
  10.       add_link_headers: 2,
  11.       assign_account_by_id: 2,
  12.       embed_relationships?: 1,
  13.       json_response: 3
  14.     ]
  16.   alias Pleroma.Maps
  17.   alias Pleroma.User
  18.   alias Pleroma.UserNote
  19.   alias Pleroma.Web.ActivityPub.ActivityPub
  20.   alias Pleroma.Web.ActivityPub.Builder
  21.   alias Pleroma.Web.ActivityPub.Pipeline
  22.   alias Pleroma.Web.CommonAPI
  23.   alias Pleroma.Web.MastodonAPI.ListView
  24.   alias Pleroma.Web.MastodonAPI.MastodonAPI
  25.   alias Pleroma.Web.MastodonAPI.StatusView
  26.   alias Pleroma.Web.OAuth.OAuthController
  27.   alias Pleroma.Web.Plugs.OAuthScopesPlug
  28.   alias Pleroma.Web.Plugs.RateLimiter
  29.   alias Pleroma.Web.TwitterAPI.TwitterAPI
  30.   alias Pleroma.Web.Utils.Params
  32.   plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false)
  34.   plug(:skip_auth when action in [:create, :lookup])
  36.   plug(:skip_public_check when action in [:show, :statuses])
  38.   plug(
  39.     OAuthScopesPlug,
  40.     %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
  41.     when action in [:show, :followers, :following]
  42.   )
  44.   plug(
  45.     OAuthScopesPlug,
  46.     %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
  47.     when action == :statuses
  48.   )
  50.   plug(
  51.     OAuthScopesPlug,
  52.     %{scopes: ["read:accounts"]}
  53.     when action in [:verify_credentials, :endorsements]
  54.   )
  56.   plug(
  57.     OAuthScopesPlug,
  58.     %{scopes: ["write:accounts"]}
  59.     when action in [:update_credentials, :note, :endorse, :unendorse]
  60.   )
  62.   plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
  64.   plug(
  65.     OAuthScopesPlug,
  66.     %{scopes: ["follow", "read:blocks"]} when action == :blocks
  67.   )
  69.   plug(
  70.     OAuthScopesPlug,
  71.     %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
  72.   )
  74.   plug(
  75.     OAuthScopesPlug,
  76.     %{scopes: ["read:follows"]} when action in [:relationships, :familiar_followers]
  77.   )
  79.   plug(
  80.     OAuthScopesPlug,
  81.     %{scopes: ["follow", "write:follows"]}
  82.     when action in [:follow_by_uri, :follow, :unfollow, :remove_from_followers]
  83.   )
  85.   plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
  87.   plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
  89.   @relationship_actions [:follow, :unfollow, :remove_from_followers]
  90.   @needs_account ~W(
  91.     followers following lists follow unfollow mute unmute block unblock
  92.     note endorse unendorse remove_from_followers
  93.   )a
  95.   plug(
  96.     RateLimiter,
  97.     [name: :relation_id_action, params: ["id", "uri"]] when action in @relationship_actions
  98.   )
  100.   plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
  101.   plug(RateLimiter, [name: :app_account_creation] when action == :create)
  102.   plug(:assign_account_by_id when action in @needs_account)
  104.   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
  106.   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation
  108.   @doc "POST /api/v1/accounts"
  109.   def create(
  110.         %{assigns: %{app: app}, private: %{open_api_spex: %{body_params: params}}} = conn,
  111.         _params
  112.       ) do
  113.     with :ok <- validate_email_param(params),
  114.          :ok <- TwitterAPI.validate_captcha(app, params),
  115.          {:ok, user} <- TwitterAPI.register_user(params),
  116.          {_, {:ok, token}} <-
  117.            {:login, OAuthController.login(user, app, app.scopes)} do
  118.       OAuthController.after_token_exchange(conn, %{user: user, token: token})
  119.     else
  120.       {:login, {:account_status, :confirmation_pending}} ->
  121.         json_response(conn, :ok, %{
  122.           message: "You have been registered. Please check your email for further instructions.",
  123.           identifier: "missing_confirmed_email"
  124.         })
  126.       {:login, {:account_status, :approval_pending}} ->
  127.         json_response(conn, :ok, %{
  128.           message:
  129.             "You have been registered. You'll be able to log in once your account is approved.",
  130.           identifier: "awaiting_approval"
  131.         })
  133.       {:login, _} ->
  134.         json_response(conn, :ok, %{
  135.           message:
  136.             "You have been registered. Some post-registration steps may be pending. " <>
  137.               "Please log in manually.",
  138.           identifier: "manual_login_required"
  139.         })
  141.       {:error, error} ->
  142.         json_response(conn, :bad_request, %{error: error})
  143.     end
  144.   end
  146.   def create(%{assigns: %{app: _app}} = conn, _) do
  147.     render_error(conn, :bad_request, "Missing parameters")
  148.   end
  150.   def create(conn, _) do
  151.     render_error(conn, :forbidden, "Invalid credentials")
  152.   end
  154.   defp validate_email_param(%{email: email}) when not is_nil(email), do: :ok
  156.   defp validate_email_param(_) do
  157.     case Pleroma.Config.get([:instance, :account_activation_required]) do
  158.       true -> {:error, dgettext("errors", "Missing parameter: %{name}", name: "email")}
  159.       _ -> :ok
  160.     end
  161.   end
  163.   @doc "GET /api/v1/accounts/verify_credentials"
  164.   def verify_credentials(%{assigns: %{user: user}} = conn, _) do
  165.     chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
  167.     render(conn, "show.json",
  168.       user: user,
  169.       for: user,
  170.       with_pleroma_settings: true,
  171.       with_chat_token: chat_token
  172.     )
  173.   end
  175.   @doc "PATCH /api/v1/accounts/update_credentials"
  176.   def update_credentials(
  177.         %{assigns: %{user: user}, private: %{open_api_spex: %{body_params: params}}} = conn,
  178.         _params
  179.       ) do
  180.     params =
  181.       params
  182.       |> Enum.filter(fn {_, value} -> not is_nil(value) end)
  183.       |> Enum.into(%{})
  185.     # We use an empty string as a special value to reset
  186.     # avatars, banners, backgrounds
  187.     user_image_value = fn
  188.       "" -> {:ok, nil}
  189.       value -> {:ok, value}
  190.     end
  192.     user_params =
  193.       [
  194.         :no_rich_text,
  195.         :hide_followers_count,
  196.         :hide_follows_count,
  197.         :hide_followers,
  198.         :hide_follows,
  199.         :hide_favorites,
  200.         :show_role,
  201.         :skip_thread_containment,
  202.         :allow_following_move,
  203.         :also_known_as,
  204.         :accepts_chat_messages,
  205.         :show_birthday
  206.       ]
  207.       |> Enum.reduce(%{}, fn key, acc ->
  208.         Maps.put_if_present(acc, key, params[key], &{:ok, Params.truthy_param?(&1)})
  209.       end)
  210.       |> Maps.put_if_present(:name, params[:display_name])
  211.       |> Maps.put_if_present(:bio, params[:note])
  212.       |> Maps.put_if_present(:raw_bio, params[:note])
  213.       |> Maps.put_if_present(:avatar, params[:avatar], user_image_value)
  214.       |> Maps.put_if_present(:banner, params[:header], user_image_value)
  215.       |> Maps.put_if_present(:background, params[:pleroma_background_image], user_image_value)
  216.       |> Maps.put_if_present(
  217.         :raw_fields,
  218.         params[:fields_attributes],
  219.         &{:ok, normalize_fields_attributes(&1)}
  220.       )
  221.       |> Maps.put_if_present(:pleroma_settings_store, params[:pleroma_settings_store])
  222.       |> Maps.put_if_present(:default_scope, params[:default_scope])
  223.       |> Maps.put_if_present(:default_scope, params["source"]["privacy"])
  224.       |> Maps.put_if_present(:actor_type, params[:bot], fn bot ->
  225.         if bot, do: {:ok, "Service"}, else: {:ok, "Person"}
  226.       end)
  227.       |> Maps.put_if_present(:actor_type, params[:actor_type])
  228.       |> Maps.put_if_present(:also_known_as, params[:also_known_as])
  229.       # Note: param name is indeed :locked (not an error)
  230.       |> Maps.put_if_present(:is_locked, params[:locked])
  231.       # Note: param name is indeed :discoverable (not an error)
  232.       |> Maps.put_if_present(:is_discoverable, params[:discoverable])
  233.       |> Maps.put_if_present(:birthday, params[:birthday])
  234.       |> Maps.put_if_present(:language, Pleroma.Web.Gettext.normalize_locale(params[:language]))
  235.       |> Maps.put_if_present(:avatar_description, params[:avatar_description])
  236.       |> Maps.put_if_present(:header_description, params[:header_description])
  238.     # What happens here:
  239.     #
  240.     # We want to update the user through the pipeline, but the ActivityPub
  241.     # update information is not quite enough for this, because this also
  242.     # contains local settings that don't federate and don't even appear
  243.     # in the Update activity.
  244.     #
  245.     # So we first build the normal local changeset, then apply it to the
  246.     # user data, but don't persist it. With this, we generate the object
  247.     # data for our update activity. We feed this and the changeset as meta
  248.     # information into the pipeline, where they will be properly updated and
  249.     # federated.
  250.     with changeset <- User.update_changeset(user, user_params),
  251.          {:ok, unpersisted_user} <- Ecto.Changeset.apply_action(changeset, :update),
  252.          updated_object <-
  253.            Pleroma.Web.ActivityPub.UserView.render("user.json", user: unpersisted_user)
  254.            |> Map.delete("@context"),
  255.          {:ok, update_data, []} <- Builder.update(user, updated_object),
  256.          {:ok, _update, _} <-
  257.            Pipeline.common_pipeline(update_data,
  258.              local: true,
  259.              user_update_changeset: changeset
  260.            ) do
  261.       render(conn, "show.json",
  262.         user: unpersisted_user,
  263.         for: unpersisted_user,
  264.         with_pleroma_settings: true
  265.       )
  266.     else
  267.       {:error, %Ecto.Changeset{errors: [avatar: {"file is too large", _}]}} ->
  268.         render_error(conn, :request_entity_too_large, "File is too large")
  270.       {:error, %Ecto.Changeset{errors: [banner: {"file is too large", _}]}} ->
  271.         render_error(conn, :request_entity_too_large, "File is too large")
  273.       {:error, %Ecto.Changeset{errors: [background: {"file is too large", _}]}} ->
  274.         render_error(conn, :request_entity_too_large, "File is too large")
  276.       {:error, %Ecto.Changeset{errors: [{:bio, {_, _}} | _]}} ->
  277.         render_error(conn, :request_entity_too_large, "Bio is too long")
  279.       {:error, %Ecto.Changeset{errors: [{:name, {_, _}} | _]}} ->
  280.         render_error(conn, :request_entity_too_large, "Name is too long")
  282.       {:error, %Ecto.Changeset{errors: [{:avatar_description, {_, _}} | _]}} ->
  283.         render_error(conn, :request_entity_too_large, "Avatar description is too long")
  285.       {:error, %Ecto.Changeset{errors: [{:header_description, {_, _}} | _]}} ->
  286.         render_error(conn, :request_entity_too_large, "Banner description is too long")
  288.       {:error, %Ecto.Changeset{errors: [{:fields, {"invalid", _}} | _]}} ->
  289.         render_error(conn, :request_entity_too_large, "One or more field entries are too long")
  291.       {:error, %Ecto.Changeset{errors: [{:fields, {_, _}} | _]}} ->
  292.         render_error(conn, :request_entity_too_large, "Too many field entries")
  294.       _e ->
  295.         render_error(conn, :forbidden, "Invalid request")
  296.     end
  297.   end
  299.   defp normalize_fields_attributes(fields) do
  300.     if(Enum.all?(fields, &is_tuple/1), do: Enum.map(fields, fn {_, v} -> v end), else: fields)
  301.     |> Enum.map(fn
  302.       %{} = field -> %{"name" => field.name, "value" => field.value}
  303.       field -> field
  304.     end)
  305.   end
  307.   @doc "GET /api/v1/accounts/relationships"
  308.   def relationships(
  309.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  310.         _
  311.       ) do
  312.     targets = User.get_all_by_ids(List.wrap(id))
  314.     render(conn, "relationships.json", user: user, targets: targets)
  315.   end
  317.   # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
  318.   def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
  320.   @doc "GET /api/v1/accounts/:id"
  321.   def show(
  322.         %{
  323.           assigns: %{user: for_user},
  324.           private: %{open_api_spex: %{params: %{id: nickname_or_id} = params}}
  325.         } = conn,
  326.         _params
  327.       ) do
  328.     with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
  329.          :visible <- User.visible_for(user, for_user) do
  330.       render(conn, "show.json",
  331.         user: user,
  332.         for: for_user,
  333.         embed_relationships: embed_relationships?(params)
  334.       )
  335.     else
  336.       error -> user_visibility_error(conn, error)
  337.     end
  338.   end
  340.   @doc "GET /api/v1/accounts/:id/statuses"
  341.   def statuses(
  342.         %{assigns: %{user: reading_user}, private: %{open_api_spex: %{params: params}}} = conn,
  343.         _params
  344.       ) do
  345.     with %User{} = user <- User.get_cached_by_nickname_or_id(params.id, for: reading_user),
  346.          :visible <- User.visible_for(user, reading_user) do
  347.       params =
  348.         params
  349.         |> Map.delete(:tagged)
  350.         |> Map.put(:tag, params[:tagged])
  352.       activities = ActivityPub.fetch_user_activities(user, reading_user, params)
  354.       conn
  355.       |> add_link_headers(activities)
  356.       |> put_view(StatusView)
  357.       |> render("index.json",
  358.         activities: activities,
  359.         for: reading_user,
  360.         as: :activity,
  361.         with_muted: Map.get(params, :with_muted, false)
  362.       )
  363.     else
  364.       error -> user_visibility_error(conn, error)
  365.     end
  366.   end
  368.   defp user_visibility_error(conn, error) do
  369.     case error do
  370.       :restrict_unauthenticated ->
  371.         render_error(conn, :unauthorized, "This API requires an authenticated user")
  373.       _ ->
  374.         render_error(conn, :not_found, "Can't find user")
  375.     end
  376.   end
  378.   @doc "GET /api/v1/accounts/:id/followers"
  379.   def followers(
  380.         %{assigns: %{user: for_user, account: user}, private: %{open_api_spex: %{params: params}}} =
  381.           conn,
  382.         _params
  383.       ) do
  384.     params =
  385.       params
  386.       |> Enum.map(fn {key, value} -> {to_string(key), value} end)
  387.       |> Enum.into(%{})
  389.     followers =
  390.       cond do
  391.         for_user && user.id == for_user.id -> MastodonAPI.get_followers(user, params)
  392.         user.hide_followers -> []
  393.         true -> MastodonAPI.get_followers(user, params)
  394.       end
  396.     conn
  397.     |> add_link_headers(followers)
  398.     # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
  399.     |> render("index.json",
  400.       for: for_user,
  401.       users: followers,
  402.       as: :user,
  403.       embed_relationships: embed_relationships?(params)
  404.     )
  405.   end
  407.   @doc "GET /api/v1/accounts/:id/following"
  408.   def following(
  409.         %{assigns: %{user: for_user, account: user}, private: %{open_api_spex: %{params: params}}} =
  410.           conn,
  411.         _params
  412.       ) do
  413.     params =
  414.       params
  415.       |> Enum.map(fn {key, value} -> {to_string(key), value} end)
  416.       |> Enum.into(%{})
  418.     followers =
  419.       cond do
  420.         for_user && user.id == for_user.id -> MastodonAPI.get_friends(user, params)
  421.         user.hide_follows -> []
  422.         true -> MastodonAPI.get_friends(user, params)
  423.       end
  425.     conn
  426.     |> add_link_headers(followers)
  427.     # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
  428.     |> render("index.json",
  429.       for: for_user,
  430.       users: followers,
  431.       as: :user,
  432.       embed_relationships: embed_relationships?(params)
  433.     )
  434.   end
  436.   @doc "GET /api/v1/accounts/:id/lists"
  437.   def lists(%{assigns: %{user: user, account: account}} = conn, _params) do
  438.     lists = Pleroma.List.get_lists_account_belongs(user, account)
  440.     conn
  441.     |> put_view(ListView)
  442.     |> render("index.json", lists: lists)
  443.   end
  445.   @doc "POST /api/v1/accounts/:id/follow"
  446.   def follow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  447.     {:error, "Can not follow yourself"}
  448.   end
  450.   def follow(
  451.         %{
  452.           assigns: %{user: follower, account: followed},
  453.           private: %{open_api_spex: %{body_params: params}}
  454.         } = conn,
  455.         _
  456.       ) do
  457.     with {:ok, follower} <- MastodonAPI.follow(follower, followed, params) do
  458.       render(conn, "relationship.json", user: follower, target: followed)
  459.     else
  460.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  461.     end
  462.   end
  464.   @doc "POST /api/v1/accounts/:id/unfollow"
  465.   def unfollow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  466.     {:error, "Can not unfollow yourself"}
  467.   end
  469.   def unfollow(%{assigns: %{user: follower, account: followed}} = conn, _params) do
  470.     with {:ok, follower} <- CommonAPI.unfollow(followed, follower) do
  471.       render(conn, "relationship.json", user: follower, target: followed)
  472.     end
  473.   end
  475.   @doc "POST /api/v1/accounts/:id/mute"
  476.   def mute(
  477.         %{
  478.           assigns: %{user: muter, account: muted},
  479.           private: %{open_api_spex: %{body_params: params}}
  480.         } = conn,
  481.         _params
  482.       ) do
  483.     params =
  484.       params
  485.       |> Map.put_new(:duration, Map.get(params, :expires_in, 0))
  487.     with {:ok, _user_relationships} <- User.mute(muter, muted, params) do
  488.       render(conn, "relationship.json", user: muter, target: muted)
  489.     else
  490.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  491.     end
  492.   end
  494.   @doc "POST /api/v1/accounts/:id/unmute"
  495.   def unmute(%{assigns: %{user: muter, account: muted}} = conn, _params) do
  496.     with {:ok, _user_relationships} <- User.unmute(muter, muted) do
  497.       render(conn, "relationship.json", user: muter, target: muted)
  498.     else
  499.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  500.     end
  501.   end
  503.   @doc "POST /api/v1/accounts/:id/block"
  504.   def block(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
  505.     with {:ok, _activity} <- CommonAPI.block(blocked, blocker) do
  506.       render(conn, "relationship.json", user: blocker, target: blocked)
  507.     else
  508.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  509.     end
  510.   end
  512.   @doc "POST /api/v1/accounts/:id/unblock"
  513.   def unblock(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
  514.     with {:ok, _activity} <- CommonAPI.unblock(blocked, blocker) do
  515.       render(conn, "relationship.json", user: blocker, target: blocked)
  516.     else
  517.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  518.     end
  519.   end
  521.   @doc "POST /api/v1/accounts/:id/note"
  522.   def note(
  523.         %{
  524.           assigns: %{user: noter, account: target},
  525.           private: %{open_api_spex: %{body_params: %{comment: comment}}}
  526.         } = conn,
  527.         _params
  528.       ) do
  529.     with {:ok, _user_note} <- UserNote.create(noter, target, comment) do
  530.       render(conn, "relationship.json", user: noter, target: target)
  531.     end
  532.   end
  534.   @doc "POST /api/v1/accounts/:id/pin"
  535.   def endorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
  536.     with {:ok, _user_relationships} <- User.endorse(endorser, endorsed) do
  537.       render(conn, "relationship.json", user: endorser, target: endorsed)
  538.     else
  539.       {:error, message} -> json_response(conn, :bad_request, %{error: message})
  540.     end
  541.   end
  543.   @doc "POST /api/v1/accounts/:id/unpin"
  544.   def unendorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
  545.     with {:ok, _user_relationships} <- User.unendorse(endorser, endorsed) do
  546.       render(conn, "relationship.json", user: endorser, target: endorsed)
  547.     else
  548.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  549.     end
  550.   end
  552.   @doc "POST /api/v1/accounts/:id/remove_from_followers"
  553.   def remove_from_followers(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  554.     {:error, "Can not unfollow yourself"}
  555.   end
  557.   def remove_from_followers(%{assigns: %{user: followed, account: follower}} = conn, _params) do
  558.     with {:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do
  559.       render(conn, "relationship.json", user: followed, target: follower)
  560.     else
  561.       nil ->
  562.         render_error(conn, :not_found, "Record not found")
  563.     end
  564.   end
  566.   @doc "POST /api/v1/follows"
  567.   def follow_by_uri(%{private: %{open_api_spex: %{body_params: %{uri: uri}}}} = conn, _) do
  568.     case User.get_cached_by_nickname(uri) do
  569.       %User{} = user ->
  570.         conn
  571.         |> assign(:account, user)
  572.         |> follow(%{})
  574.       nil ->
  575.         {:error, :not_found}
  576.     end
  577.   end
  579.   @doc "GET /api/v1/mutes"
  580.   def mutes(%{assigns: %{user: user}} = conn, params) do
  581.     users =
  582.       user
  583.       |> User.muted_users_relation(_restrict_deactivated = true)
  584.       |> Pleroma.Pagination.fetch_paginated(params)
  586.     conn
  587.     |> add_link_headers(users)
  588.     |> render("index.json",
  589.       users: users,
  590.       for: user,
  591.       as: :user,
  592.       embed_relationships: embed_relationships?(params),
  593.       mutes: true
  594.     )
  595.   end
  597.   @doc "GET /api/v1/blocks"
  598.   def blocks(%{assigns: %{user: user}} = conn, params) do
  599.     users =
  600.       user
  601.       |> User.blocked_users_relation(_restrict_deactivated = true)
  602.       |> Pleroma.Pagination.fetch_paginated(params)
  604.     conn
  605.     |> add_link_headers(users)
  606.     |> render("index.json",
  607.       users: users,
  608.       for: user,
  609.       as: :user,
  610.       embed_relationships: embed_relationships?(params)
  611.     )
  612.   end
  614.   @doc "GET /api/v1/accounts/lookup"
  615.   def lookup(%{private: %{open_api_spex: %{params: %{acct: nickname}}}} = conn, _params) do
  616.     with %User{} = user <- User.get_by_nickname(nickname) do
  617.       render(conn, "show.json",
  618.         user: user,
  619.         skip_visibility_check: true
  620.       )
  621.     else
  622.       error -> user_visibility_error(conn, error)
  623.     end
  624.   end
  626.   @doc "GET /api/v1/endorsements"
  627.   def endorsements(%{assigns: %{user: user}} = conn, params) do
  628.     users =
  629.       user
  630.       |> User.endorsed_users_relation(_restrict_deactivated = true)
  631.       |> Pleroma.Repo.all()
  633.     conn
  634.     |> render("index.json",
  635.       users: users,
  636.       for: user,
  637.       as: :user,
  638.       embed_relationships: embed_relationships?(params)
  639.     )
  640.   end
  642.   @doc "GET /api/v1/accounts/familiar_followers"
  643.   def familiar_followers(
  644.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  645.         _id
  646.       ) do
  647.     users =
  648.       User.get_all_by_ids(List.wrap(id))
  649.       |> Enum.map(&%{id: &1.id, accounts: get_familiar_followers(&1, user)})
  651.     conn
  652.     |> render("familiar_followers.json",
  653.       for: user,
  654.       users: users,
  655.       as: :user
  656.     )
  657.   end
  659.   defp get_familiar_followers(%{id: id} = user, %{id: id}) do
  660.     User.get_familiar_followers(user, user)
  661.   end
  663.   defp get_familiar_followers(%{hide_followers: true}, _current_user) do
  664.     []
  665.   end
  667.   defp get_familiar_followers(user, current_user) do
  668.     User.get_familiar_followers(user, current_user)
  669.   end
  670. end