logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

account_controller.ex (22810B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.MastodonAPI.AccountController do
  6.   use Pleroma.Web, :controller
  8.   import Pleroma.Web.ControllerHelper,
  9.     only: [
  10.       add_link_headers: 2,
  11.       assign_account_by_id: 2,
  12.       embed_relationships?: 1,
  13.       json_response: 3
  14.     ]
  16.   alias Pleroma.Maps
  17.   alias Pleroma.User
  18.   alias Pleroma.UserNote
  19.   alias Pleroma.Web.ActivityPub.ActivityPub
  20.   alias Pleroma.Web.ActivityPub.Builder
  21.   alias Pleroma.Web.ActivityPub.Pipeline
  22.   alias Pleroma.Web.CommonAPI
  23.   alias Pleroma.Web.MastodonAPI.ListView
  24.   alias Pleroma.Web.MastodonAPI.MastodonAPI
  25.   alias Pleroma.Web.MastodonAPI.StatusView
  26.   alias Pleroma.Web.OAuth.OAuthController
  27.   alias Pleroma.Web.Plugs.OAuthScopesPlug
  28.   alias Pleroma.Web.Plugs.RateLimiter
  29.   alias Pleroma.Web.TwitterAPI.TwitterAPI
  30.   alias Pleroma.Web.Utils.Params
  32.   plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false)
  34.   plug(:skip_auth when action in [:create])
  36.   plug(:skip_public_check when action in [:show, :statuses])
  38.   plug(
  39.     OAuthScopesPlug,
  40.     %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
  41.     when action in [:show, :followers, :following, :lookup, :endorsements]
  42.   )
  44.   plug(
  45.     OAuthScopesPlug,
  46.     %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
  47.     when action == :statuses
  48.   )
  50.   plug(
  51.     OAuthScopesPlug,
  52.     %{scopes: ["read:accounts"]}
  53.     when action in [:verify_credentials, :endorsements, :own_endorsements]
  54.   )
  56.   plug(
  57.     OAuthScopesPlug,
  58.     %{scopes: ["write:accounts"]}
  59.     when action in [:update_credentials, :note, :endorse, :unendorse]
  60.   )
  62.   plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
  64.   plug(
  65.     OAuthScopesPlug,
  66.     %{scopes: ["follow", "read:blocks"]} when action == :blocks
  67.   )
  69.   plug(
  70.     OAuthScopesPlug,
  71.     %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
  72.   )
  74.   plug(
  75.     OAuthScopesPlug,
  76.     %{scopes: ["read:follows"]} when action in [:relationships, :familiar_followers]
  77.   )
  79.   plug(
  80.     OAuthScopesPlug,
  81.     %{scopes: ["follow", "write:follows"]}
  82.     when action in [:follow_by_uri, :follow, :unfollow, :remove_from_followers]
  83.   )
  85.   plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
  87.   plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
  89.   @relationship_actions [:follow, :unfollow, :remove_from_followers]
  90.   @needs_account ~W(
  91.     followers following lists follow unfollow mute unmute block unblock
  92.     note endorse unendorse endorsements remove_from_followers
  93.   )a
  95.   plug(
  96.     RateLimiter,
  97.     [name: :relation_id_action, params: ["id", "uri"]] when action in @relationship_actions
  98.   )
  100.   plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
  101.   plug(RateLimiter, [name: :app_account_creation] when action == :create)
  102.   plug(:assign_account_by_id when action in @needs_account)
  104.   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
  106.   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation
  108.   @doc "POST /api/v1/accounts"
  109.   def create(
  110.         %{assigns: %{app: app}, private: %{open_api_spex: %{body_params: params}}} = conn,
  111.         _params
  112.       ) do
  113.     with :ok <- validate_email_param(params),
  114.          :ok <- TwitterAPI.validate_captcha(app, params),
  115.          {:ok, user} <- TwitterAPI.register_user(params),
  116.          {_, {:ok, token}} <-
  117.            {:login, OAuthController.login(user, app, app.scopes)} do
  118.       OAuthController.after_token_exchange(conn, %{user: user, token: token})
  119.     else
  120.       {:login, {:account_status, :confirmation_pending}} ->
  121.         json_response(conn, :ok, %{
  122.           message: "You have been registered. Please check your email for further instructions.",
  123.           identifier: "missing_confirmed_email"
  124.         })
  126.       {:login, {:account_status, :approval_pending}} ->
  127.         json_response(conn, :ok, %{
  128.           message:
  129.             "You have been registered. You'll be able to log in once your account is approved.",
  130.           identifier: "awaiting_approval"
  131.         })
  133.       {:login, _} ->
  134.         json_response(conn, :ok, %{
  135.           message:
  136.             "You have been registered. Some post-registration steps may be pending. " <>
  137.               "Please log in manually.",
  138.           identifier: "manual_login_required"
  139.         })
  141.       {:error, error} ->
  142.         json_response(conn, :bad_request, %{error: error})
  143.     end
  144.   end
  146.   def create(%{assigns: %{app: _app}} = conn, _) do
  147.     render_error(conn, :bad_request, "Missing parameters")
  148.   end
  150.   def create(conn, _) do
  151.     render_error(conn, :forbidden, "Invalid credentials")
  152.   end
  154.   defp validate_email_param(%{email: email}) when not is_nil(email), do: :ok
  156.   defp validate_email_param(_) do
  157.     case Pleroma.Config.get([:instance, :account_activation_required]) do
  158.       true -> {:error, dgettext("errors", "Missing parameter: %{name}", name: "email")}
  159.       _ -> :ok
  160.     end
  161.   end
  163.   @doc "GET /api/v1/accounts/verify_credentials"
  164.   def verify_credentials(%{assigns: %{user: user}} = conn, _) do
  165.     chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
  167.     render(conn, "show.json",
  168.       user: user,
  169.       for: user,
  170.       with_pleroma_settings: true,
  171.       with_chat_token: chat_token
  172.     )
  173.   end
  175.   @doc "PATCH /api/v1/accounts/update_credentials"
  176.   def update_credentials(
  177.         %{assigns: %{user: user}, private: %{open_api_spex: %{body_params: params}}} = conn,
  178.         _params
  179.       ) do
  180.     params =
  181.       params
  182.       |> Enum.filter(fn {_, value} -> not is_nil(value) end)
  183.       |> Enum.into(%{})
  185.     # We use an empty string as a special value to reset
  186.     # avatars, banners, backgrounds
  187.     user_image_value = fn
  188.       "" -> {:ok, nil}
  189.       value -> {:ok, value}
  190.     end
  192.     user_params =
  193.       [
  194.         :no_rich_text,
  195.         :hide_followers_count,
  196.         :hide_follows_count,
  197.         :hide_followers,
  198.         :hide_follows,
  199.         :hide_favorites,
  200.         :show_role,
  201.         :skip_thread_containment,
  202.         :allow_following_move,
  203.         :also_known_as,
  204.         :accepts_chat_messages,
  205.         :show_birthday
  206.       ]
  207.       |> Enum.reduce(%{}, fn key, acc ->
  208.         Maps.put_if_present(acc, key, params[key], &{:ok, Params.truthy_param?(&1)})
  209.       end)
  210.       |> Maps.put_if_present(:name, params[:display_name])
  211.       |> Maps.put_if_present(:bio, params[:note])
  212.       |> Maps.put_if_present(:raw_bio, params[:note])
  213.       |> Maps.put_if_present(:avatar, params[:avatar], user_image_value)
  214.       |> Maps.put_if_present(:banner, params[:header], user_image_value)
  215.       |> Maps.put_if_present(:background, params[:pleroma_background_image], user_image_value)
  216.       |> Maps.put_if_present(
  217.         :raw_fields,
  218.         params[:fields_attributes],
  219.         &{:ok, normalize_fields_attributes(&1)}
  220.       )
  221.       |> Maps.put_if_present(:pleroma_settings_store, params[:pleroma_settings_store])
  222.       |> Maps.put_if_present(:default_scope, params[:default_scope])
  223.       |> Maps.put_if_present(:default_scope, params["source"]["privacy"])
  224.       |> Maps.put_if_present(:actor_type, params[:bot], fn bot ->
  225.         if bot, do: {:ok, "Service"}, else: {:ok, "Person"}
  226.       end)
  227.       |> Maps.put_if_present(:actor_type, params[:actor_type])
  228.       |> Maps.put_if_present(:also_known_as, params[:also_known_as])
  229.       # Note: param name is indeed :locked (not an error)
  230.       |> Maps.put_if_present(:is_locked, params[:locked])
  231.       # Note: param name is indeed :discoverable (not an error)
  232.       |> Maps.put_if_present(:is_discoverable, params[:discoverable])
  233.       |> Maps.put_if_present(:birthday, params[:birthday])
  234.       |> Maps.put_if_present(:language, Pleroma.Web.Gettext.normalize_locale(params[:language]))
  235.       |> Maps.put_if_present(:avatar_description, params[:avatar_description])
  236.       |> Maps.put_if_present(:header_description, params[:header_description])
  238.     # What happens here:
  239.     #
  240.     # We want to update the user through the pipeline, but the ActivityPub
  241.     # update information is not quite enough for this, because this also
  242.     # contains local settings that don't federate and don't even appear
  243.     # in the Update activity.
  244.     #
  245.     # So we first build the normal local changeset, then apply it to the
  246.     # user data, but don't persist it. With this, we generate the object
  247.     # data for our update activity. We feed this and the changeset as meta
  248.     # information into the pipeline, where they will be properly updated and
  249.     # federated.
  250.     with changeset <- User.update_changeset(user, user_params),
  251.          {:ok, unpersisted_user} <- Ecto.Changeset.apply_action(changeset, :update),
  252.          updated_object <-
  253.            Pleroma.Web.ActivityPub.UserView.render("user.json", user: unpersisted_user)
  254.            |> Map.delete("@context"),
  255.          {:ok, update_data, []} <- Builder.update(user, updated_object),
  256.          {:ok, _update, _} <-
  257.            Pipeline.common_pipeline(update_data,
  258.              local: true,
  259.              user_update_changeset: changeset
  260.            ) do
  261.       render(conn, "show.json",
  262.         user: unpersisted_user,
  263.         for: unpersisted_user,
  264.         with_pleroma_settings: true
  265.       )
  266.     else
  267.       {:error, %Ecto.Changeset{errors: [avatar: {"file is too large", _}]}} ->
  268.         render_error(conn, :request_entity_too_large, "File is too large")
  270.       {:error, %Ecto.Changeset{errors: [banner: {"file is too large", _}]}} ->
  271.         render_error(conn, :request_entity_too_large, "File is too large")
  273.       {:error, %Ecto.Changeset{errors: [background: {"file is too large", _}]}} ->
  274.         render_error(conn, :request_entity_too_large, "File is too large")
  276.       {:error, %Ecto.Changeset{errors: [{:bio, {_, _}} | _]}} ->
  277.         render_error(conn, :request_entity_too_large, "Bio is too long")
  279.       {:error, %Ecto.Changeset{errors: [{:name, {_, _}} | _]}} ->
  280.         render_error(conn, :request_entity_too_large, "Name is too long")
  282.       {:error, %Ecto.Changeset{errors: [{:avatar_description, {_, _}} | _]}} ->
  283.         render_error(conn, :request_entity_too_large, "Avatar description is too long")
  285.       {:error, %Ecto.Changeset{errors: [{:header_description, {_, _}} | _]}} ->
  286.         render_error(conn, :request_entity_too_large, "Banner description is too long")
  288.       {:error, %Ecto.Changeset{errors: [{:fields, {"invalid", _}} | _]}} ->
  289.         render_error(conn, :request_entity_too_large, "One or more field entries are too long")
  291.       {:error, %Ecto.Changeset{errors: [{:fields, {_, _}} | _]}} ->
  292.         render_error(conn, :request_entity_too_large, "Too many field entries")
  294.       _e ->
  295.         render_error(conn, :forbidden, "Invalid request")
  296.     end
  297.   end
  299.   defp normalize_fields_attributes(fields) do
  300.     if(Enum.all?(fields, &is_tuple/1), do: Enum.map(fields, fn {_, v} -> v end), else: fields)
  301.     |> Enum.map(fn
  302.       %{} = field -> %{"name" => field.name, "value" => field.value}
  303.       field -> field
  304.     end)
  305.   end
  307.   @doc "GET /api/v1/accounts/relationships"
  308.   def relationships(
  309.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  310.         _
  311.       ) do
  312.     targets = User.get_all_by_ids(List.wrap(id))
  314.     render(conn, "relationships.json", user: user, targets: targets)
  315.   end
  317.   # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
  318.   def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
  320.   @doc "GET /api/v1/accounts/:id"
  321.   def show(
  322.         %{
  323.           assigns: %{user: for_user},
  324.           private: %{open_api_spex: %{params: %{id: nickname_or_id} = params}}
  325.         } = conn,
  326.         _params
  327.       ) do
  328.     with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
  329.          :visible <- User.visible_for(user, for_user) do
  330.       render(conn, "show.json",
  331.         user: user,
  332.         for: for_user,
  333.         embed_relationships: embed_relationships?(params)
  334.       )
  335.     else
  336.       error -> user_visibility_error(conn, error)
  337.     end
  338.   end
  340.   @doc "GET /api/v1/accounts/:id/statuses"
  341.   def statuses(
  342.         %{assigns: %{user: reading_user}, private: %{open_api_spex: %{params: params}}} = conn,
  343.         _params
  344.       ) do
  345.     with %User{} = user <- User.get_cached_by_nickname_or_id(params.id, for: reading_user),
  346.          :visible <- User.visible_for(user, reading_user) do
  347.       params =
  348.         params
  349.         |> Map.delete(:tagged)
  350.         |> Map.put(:tag, params[:tagged])
  352.       activities = ActivityPub.fetch_user_activities(user, reading_user, params)
  354.       conn
  355.       |> add_link_headers(activities)
  356.       |> put_view(StatusView)
  357.       |> render("index.json",
  358.         activities: activities,
  359.         for: reading_user,
  360.         as: :activity,
  361.         with_muted: Map.get(params, :with_muted, false)
  362.       )
  363.     else
  364.       error -> user_visibility_error(conn, error)
  365.     end
  366.   end
  368.   defp user_visibility_error(conn, error) do
  369.     case error do
  370.       :restrict_unauthenticated ->
  371.         render_error(conn, :unauthorized, "This API requires an authenticated user")
  373.       _ ->
  374.         render_error(conn, :not_found, "Can't find user")
  375.     end
  376.   end
  378.   @doc "GET /api/v1/accounts/:id/followers"
  379.   def followers(
  380.         %{assigns: %{user: for_user, account: user}, private: %{open_api_spex: %{params: params}}} =
  381.           conn,
  382.         _params
  383.       ) do
  384.     params =
  385.       params
  386.       |> Enum.map(fn {key, value} -> {to_string(key), value} end)
  387.       |> Enum.into(%{})
  389.     followers =
  390.       cond do
  391.         for_user && user.id == for_user.id -> MastodonAPI.get_followers(user, params)
  392.         user.hide_followers -> []
  393.         true -> MastodonAPI.get_followers(user, params)
  394.       end
  396.     conn
  397.     |> add_link_headers(followers)
  398.     # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
  399.     |> render("index.json",
  400.       for: for_user,
  401.       users: followers,
  402.       as: :user,
  403.       embed_relationships: embed_relationships?(params)
  404.     )
  405.   end
  407.   @doc "GET /api/v1/accounts/:id/following"
  408.   def following(
  409.         %{assigns: %{user: for_user, account: user}, private: %{open_api_spex: %{params: params}}} =
  410.           conn,
  411.         _params
  412.       ) do
  413.     params =
  414.       params
  415.       |> Enum.map(fn {key, value} -> {to_string(key), value} end)
  416.       |> Enum.into(%{})
  418.     followers =
  419.       cond do
  420.         for_user && user.id == for_user.id -> MastodonAPI.get_friends(user, params)
  421.         user.hide_follows -> []
  422.         true -> MastodonAPI.get_friends(user, params)
  423.       end
  425.     conn
  426.     |> add_link_headers(followers)
  427.     # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
  428.     |> render("index.json",
  429.       for: for_user,
  430.       users: followers,
  431.       as: :user,
  432.       embed_relationships: embed_relationships?(params)
  433.     )
  434.   end
  436.   @doc "GET /api/v1/accounts/:id/lists"
  437.   def lists(%{assigns: %{user: user, account: account}} = conn, _params) do
  438.     lists = Pleroma.List.get_lists_account_belongs(user, account)
  440.     conn
  441.     |> put_view(ListView)
  442.     |> render("index.json", lists: lists)
  443.   end
  445.   @doc "POST /api/v1/accounts/:id/follow"
  446.   def follow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  447.     {:error, "Can not follow yourself"}
  448.   end
  450.   def follow(
  451.         %{
  452.           assigns: %{user: follower, account: followed},
  453.           private: %{open_api_spex: %{body_params: params}}
  454.         } = conn,
  455.         _
  456.       ) do
  457.     with {:ok, follower} <- MastodonAPI.follow(follower, followed, params) do
  458.       render(conn, "relationship.json", user: follower, target: followed)
  459.     else
  460.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  461.     end
  462.   end
  464.   @doc "POST /api/v1/accounts/:id/unfollow"
  465.   def unfollow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  466.     {:error, "Can not unfollow yourself"}
  467.   end
  469.   def unfollow(%{assigns: %{user: follower, account: followed}} = conn, _params) do
  470.     with {:ok, follower} <- CommonAPI.unfollow(followed, follower) do
  471.       render(conn, "relationship.json", user: follower, target: followed)
  472.     end
  473.   end
  475.   @doc "POST /api/v1/accounts/:id/mute"
  476.   def mute(
  477.         %{
  478.           assigns: %{user: muter, account: muted},
  479.           private: %{open_api_spex: %{body_params: params}}
  480.         } = conn,
  481.         _params
  482.       ) do
  483.     params =
  484.       params
  485.       |> Map.put_new(:duration, Map.get(params, :expires_in, 0))
  487.     with {:ok, _user_relationships} <- User.mute(muter, muted, params) do
  488.       render(conn, "relationship.json", user: muter, target: muted)
  489.     else
  490.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  491.     end
  492.   end
  494.   @doc "POST /api/v1/accounts/:id/unmute"
  495.   def unmute(%{assigns: %{user: muter, account: muted}} = conn, _params) do
  496.     with {:ok, _user_relationships} <- User.unmute(muter, muted) do
  497.       render(conn, "relationship.json", user: muter, target: muted)
  498.     else
  499.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  500.     end
  501.   end
  503.   @doc "POST /api/v1/accounts/:id/block"
  504.   def block(
  505.         %{
  506.           assigns: %{user: blocker, account: blocked},
  507.           private: %{open_api_spex: %{body_params: params}}
  508.         } = conn,
  509.         _params
  510.       ) do
  511.     with {:ok, _activity} <- CommonAPI.block(blocked, blocker, params) do
  512.       render(conn, "relationship.json", user: blocker, target: blocked)
  513.     else
  514.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  515.     end
  516.   end
  518.   @doc "POST /api/v1/accounts/:id/unblock"
  519.   def unblock(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
  520.     with {:ok, _activity} <- CommonAPI.unblock(blocked, blocker) do
  521.       render(conn, "relationship.json", user: blocker, target: blocked)
  522.     else
  523.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  524.     end
  525.   end
  527.   @doc "POST /api/v1/accounts/:id/note"
  528.   def note(
  529.         %{
  530.           assigns: %{user: noter, account: target},
  531.           private: %{open_api_spex: %{body_params: %{comment: comment}}}
  532.         } = conn,
  533.         _params
  534.       ) do
  535.     with {:ok, _user_note} <- UserNote.create(noter, target, comment) do
  536.       render(conn, "relationship.json", user: noter, target: target)
  537.     end
  538.   end
  540.   @doc "POST /api/v1/accounts/:id/pin"
  541.   def endorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
  542.     with {:ok, _user_relationships} <- User.endorse(endorser, endorsed) do
  543.       render(conn, "relationship.json", user: endorser, target: endorsed)
  544.     else
  545.       {:error, message} -> json_response(conn, :bad_request, %{error: message})
  546.     end
  547.   end
  549.   @doc "POST /api/v1/accounts/:id/unpin"
  550.   def unendorse(%{assigns: %{user: endorser, account: endorsed}} = conn, _params) do
  551.     with {:ok, _user_relationships} <- User.unendorse(endorser, endorsed) do
  552.       render(conn, "relationship.json", user: endorser, target: endorsed)
  553.     else
  554.       {:error, message} -> json_response(conn, :forbidden, %{error: message})
  555.     end
  556.   end
  558.   @doc "GET /api/v1/accounts/:id/endorsements"
  559.   def endorsements(%{assigns: %{user: for_user, account: user}} = conn, params) do
  560.     users =
  561.       user
  562.       |> User.endorsed_users_relation(_restrict_deactivated = true)
  563.       |> Pleroma.Repo.all()
  565.     conn
  566.     |> render("index.json",
  567.       for: for_user,
  568.       users: users,
  569.       as: :user,
  570.       embed_relationships: embed_relationships?(params)
  571.     )
  572.   end
  574.   @doc "POST /api/v1/accounts/:id/remove_from_followers"
  575.   def remove_from_followers(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
  576.     {:error, "Can not unfollow yourself"}
  577.   end
  579.   def remove_from_followers(%{assigns: %{user: followed, account: follower}} = conn, _params) do
  580.     with {:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do
  581.       render(conn, "relationship.json", user: followed, target: follower)
  582.     else
  583.       nil ->
  584.         render_error(conn, :not_found, "Record not found")
  585.     end
  586.   end
  588.   @doc "POST /api/v1/follows"
  589.   def follow_by_uri(%{private: %{open_api_spex: %{body_params: %{uri: uri}}}} = conn, _) do
  590.     case User.get_cached_by_nickname(uri) do
  591.       %User{} = user ->
  592.         conn
  593.         |> assign(:account, user)
  594.         |> follow(%{})
  596.       nil ->
  597.         {:error, :not_found}
  598.     end
  599.   end
  601.   @doc "GET /api/v1/mutes"
  602.   def mutes(%{assigns: %{user: user}} = conn, params) do
  603.     users =
  604.       user
  605.       |> User.muted_users_relation(_restrict_deactivated = true)
  606.       |> Pleroma.Pagination.fetch_paginated(params)
  608.     conn
  609.     |> add_link_headers(users)
  610.     |> render("index.json",
  611.       users: users,
  612.       for: user,
  613.       as: :user,
  614.       embed_relationships: embed_relationships?(params),
  615.       mutes: true
  616.     )
  617.   end
  619.   @doc "GET /api/v1/blocks"
  620.   def blocks(%{assigns: %{user: user}} = conn, params) do
  621.     users =
  622.       user
  623.       |> User.blocked_users_relation(_restrict_deactivated = true)
  624.       |> Pleroma.Pagination.fetch_paginated(params)
  626.     conn
  627.     |> add_link_headers(users)
  628.     |> render("index.json",
  629.       users: users,
  630.       for: user,
  631.       as: :user,
  632.       embed_relationships: embed_relationships?(params),
  633.       blocks: true
  634.     )
  635.   end
  637.   @doc "GET /api/v1/accounts/lookup"
  638.   def lookup(
  639.         %{assigns: %{user: for_user}, private: %{open_api_spex: %{params: %{acct: nickname}}}} =
  640.           conn,
  641.         _params
  642.       ) do
  643.     with %User{} = user <- User.get_by_nickname(nickname),
  644.          :visible <- User.visible_for(user, for_user) do
  645.       render(conn, "show.json",
  646.         user: user,
  647.         skip_visibility_check: true
  648.       )
  649.     else
  650.       error -> user_visibility_error(conn, error)
  651.     end
  652.   end
  654.   @doc "GET /api/v1/endorsements"
  655.   def own_endorsements(%{assigns: %{user: user}} = conn, params) do
  656.     users =
  657.       user
  658.       |> User.endorsed_users_relation(_restrict_deactivated = true)
  659.       |> Pleroma.Repo.all()
  661.     conn
  662.     |> render("index.json",
  663.       users: users,
  664.       for: user,
  665.       as: :user,
  666.       embed_relationships: embed_relationships?(params)
  667.     )
  668.   end
  670.   @doc "GET /api/v1/accounts/familiar_followers"
  671.   def familiar_followers(
  672.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  673.         _id
  674.       ) do
  675.     users =
  676.       User.get_all_by_ids(List.wrap(id))
  677.       |> Enum.map(&%{id: &1.id, accounts: get_familiar_followers(&1, user)})
  679.     conn
  680.     |> render("familiar_followers.json",
  681.       for: user,
  682.       users: users,
  683.       as: :user
  684.     )
  685.   end
  687.   defp get_familiar_followers(%{id: id} = user, %{id: id}) do
  688.     User.get_familiar_followers(user, user)
  689.   end
  691.   defp get_familiar_followers(%{hide_followers: true}, _current_user) do
  692.     []
  693.   end
  695.   defp get_familiar_followers(user, current_user) do
  696.     User.get_familiar_followers(user, current_user)
  697.   end
  698. end