logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

status_controller.ex (18584B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.MastodonAPI.StatusController do
  6.   use Pleroma.Web, :controller
  8.   import Pleroma.Web.ControllerHelper,
  9.     only: [try_render: 3, add_link_headers: 2]
  11.   require Ecto.Query
  13.   alias Pleroma.Activity
  14.   alias Pleroma.Bookmark
  15.   alias Pleroma.BookmarkFolder
  16.   alias Pleroma.Object
  17.   alias Pleroma.Repo
  18.   alias Pleroma.ScheduledActivity
  19.   alias Pleroma.User
  20.   alias Pleroma.Web.ActivityPub.ActivityPub
  21.   alias Pleroma.Web.ActivityPub.Visibility
  22.   alias Pleroma.Web.CommonAPI
  23.   alias Pleroma.Web.MastodonAPI.AccountView
  24.   alias Pleroma.Web.MastodonAPI.ScheduledActivityView
  25.   alias Pleroma.Web.OAuth.Token
  26.   alias Pleroma.Web.Plugs.OAuthScopesPlug
  27.   alias Pleroma.Web.Plugs.RateLimiter
  29.   plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false)
  31.   plug(:skip_public_check when action in [:index, :show])
  33.   @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
  35.   plug(
  36.     OAuthScopesPlug,
  37.     %{@unauthenticated_access | scopes: ["read:statuses"]}
  38.     when action in [
  39.            :index,
  40.            :show,
  41.            :context,
  42.            :show_history,
  43.            :show_source
  44.          ]
  45.   )
  47.   plug(
  48.     OAuthScopesPlug,
  49.     %{scopes: ["write:statuses"]}
  50.     when action in [
  51.            :create,
  52.            :delete,
  53.            :reblog,
  54.            :unreblog,
  55.            :update
  56.          ]
  57.   )
  59.   plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
  61.   plug(
  62.     OAuthScopesPlug,
  63.     %{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite]
  64.   )
  66.   plug(
  67.     OAuthScopesPlug,
  68.     %{scopes: ["write:mutes"]} when action in [:mute_conversation, :unmute_conversation]
  69.   )
  71.   plug(
  72.     OAuthScopesPlug,
  73.     %{@unauthenticated_access | scopes: ["read:accounts"]}
  74.     when action in [:favourited_by, :reblogged_by]
  75.   )
  77.   plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin])
  79.   # Note: scope not present in Mastodon: read:bookmarks
  80.   plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
  82.   # Note: scope not present in Mastodon: write:bookmarks
  83.   plug(
  84.     OAuthScopesPlug,
  85.     %{scopes: ["write:bookmarks"]} when action in [:bookmark, :unbookmark]
  86.   )
  88.   @rate_limited_status_actions ~w(reblog unreblog favourite unfavourite create delete)a
  90.   plug(
  91.     RateLimiter,
  92.     [name: :status_id_action, bucket_name: "status_id_action:reblog_unreblog", params: [:id]]
  93.     when action in ~w(reblog unreblog)a
  94.   )
  96.   plug(
  97.     RateLimiter,
  98.     [name: :status_id_action, bucket_name: "status_id_action:fav_unfav", params: [:id]]
  99.     when action in ~w(favourite unfavourite)a
  100.   )
  102.   plug(RateLimiter, [name: :statuses_actions] when action in @rate_limited_status_actions)
  104.   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
  106.   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.StatusOperation
  108.   @doc """
  109.   GET `/api/v1/statuses?ids[]=1&ids[]=2`
  111.   `ids` query param is required
  112.   """
  113.   def index(
  114.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: params}}} =
  115.           conn,
  116.         _
  117.       ) do
  118.     ids = Map.get(params, :id, Map.get(params, :ids))
  119.     limit = 100
  121.     activities =
  122.       ids
  123.       |> Enum.take(limit)
  124.       |> Activity.all_by_ids_with_object()
  125.       |> Enum.filter(&Visibility.visible_for_user?(&1, user))
  127.     render(conn, "index.json",
  128.       activities: activities,
  129.       for: user,
  130.       as: :activity,
  131.       with_muted: Map.get(params, :with_muted, false)
  132.     )
  133.   end
  135.   @doc """
  136.   POST /api/v1/statuses
  137.   """
  138.   # Creates a scheduled status when `scheduled_at` param is present and it's far enough
  139.   def create(
  140.         %{
  141.           assigns: %{user: user},
  142.           private: %{
  143.             open_api_spex: %{body_params: %{status: _, scheduled_at: scheduled_at} = params}
  144.           }
  145.         } = conn,
  146.         _
  147.       )
  148.       when not is_nil(scheduled_at) do
  149.     params =
  150.       Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id])
  151.       |> put_application(conn)
  153.     attrs = %{
  154.       params: Map.new(params, fn {key, value} -> {to_string(key), value} end),
  155.       scheduled_at: scheduled_at
  156.     }
  158.     with {:far_enough, true} <- {:far_enough, ScheduledActivity.far_enough?(scheduled_at)},
  159.          {:ok, scheduled_activity} <- ScheduledActivity.create(user, attrs) do
  160.       conn
  161.       |> put_view(ScheduledActivityView)
  162.       |> render("show.json", scheduled_activity: scheduled_activity)
  163.     else
  164.       {:far_enough, _} ->
  165.         params = Map.drop(params, [:scheduled_at])
  167.         put_in(
  168.           conn,
  169.           [Access.key(:private), Access.key(:open_api_spex), Access.key(:body_params)],
  170.           params
  171.         )
  172.         |> do_create
  174.       error ->
  175.         error
  176.     end
  177.   end
  179.   # Creates a regular status
  180.   def create(
  181.         %{
  182.           private: %{open_api_spex: %{body_params: %{status: _}}}
  183.         } = conn,
  184.         _
  185.       ) do
  186.     do_create(conn)
  187.   end
  189.   def create(
  190.         %{
  191.           assigns: %{user: _user},
  192.           private: %{open_api_spex: %{body_params: %{media_ids: _} = params}}
  193.         } = conn,
  194.         _
  195.       ) do
  196.     params = Map.put(params, :status, "")
  198.     put_in(
  199.       conn,
  200.       [Access.key(:private), Access.key(:open_api_spex), Access.key(:body_params)],
  201.       params
  202.     )
  203.     |> do_create
  204.   end
  206.   defp do_create(
  207.          %{assigns: %{user: user}, private: %{open_api_spex: %{body_params: params}}} = conn
  208.        ) do
  209.     params =
  210.       Map.put(params, :in_reply_to_status_id, params[:in_reply_to_id])
  211.       |> put_application(conn)
  213.     with {:ok, activity} <- CommonAPI.post(user, params) do
  214.       try_render(conn, "show.json",
  215.         activity: activity,
  216.         for: user,
  217.         as: :activity,
  218.         with_direct_conversation_id: true
  219.       )
  220.     else
  221.       {:error, {:reject, message}} ->
  222.         conn
  223.         |> put_status(:unprocessable_entity)
  224.         |> json(%{error: message})
  226.       {:error, message} ->
  227.         conn
  228.         |> put_status(:unprocessable_entity)
  229.         |> json(%{error: message})
  230.     end
  231.   end
  233.   @doc "GET /api/v1/statuses/:id/history"
  234.   def show_history(
  235.         %{assigns: assigns, private: %{open_api_spex: %{params: %{id: id} = params}}} = conn,
  236.         _
  237.       ) do
  238.     with user = assigns[:user],
  239.          %Activity{} = activity <- Activity.get_by_id_with_object(id),
  240.          true <- Visibility.visible_for_user?(activity, user) do
  241.       try_render(conn, "history.json",
  242.         activity: activity,
  243.         for: user,
  244.         with_direct_conversation_id: true,
  245.         with_muted: Map.get(params, :with_muted, false)
  246.       )
  247.     else
  248.       _ -> {:error, :not_found}
  249.     end
  250.   end
  252.   @doc "GET /api/v1/statuses/:id/source"
  253.   def show_source(%{assigns: assigns, private: %{open_api_spex: %{params: %{id: id}}}} = conn, _) do
  254.     with user = assigns[:user],
  255.          %Activity{} = activity <- Activity.get_by_id_with_object(id),
  256.          true <- Visibility.visible_for_user?(activity, user) do
  257.       try_render(conn, "source.json",
  258.         activity: activity,
  259.         for: user
  260.       )
  261.     else
  262.       _ -> {:error, :not_found}
  263.     end
  264.   end
  266.   @doc "PUT /api/v1/statuses/:id"
  267.   def update(
  268.         %{
  269.           assigns: %{user: user},
  270.           private: %{open_api_spex: %{body_params: body_params, params: %{id: id} = params}}
  271.         } = conn,
  272.         _
  273.       ) do
  274.     with {_, %Activity{}} = {_, activity} <- {:activity, Activity.get_by_id_with_object(id)},
  275.          {_, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
  276.          {_, true} <- {:is_create, activity.data["type"] == "Create"},
  277.          actor <- Activity.user_actor(activity),
  278.          {_, true} <- {:own_status, actor.id == user.id},
  279.          changes <- body_params |> put_application(conn),
  280.          {_, {:ok, _update_activity}} <- {:pipeline, CommonAPI.update(activity, user, changes)},
  281.          {_, %Activity{}} = {_, activity} <- {:refetched, Activity.get_by_id_with_object(id)} do
  282.       try_render(conn, "show.json",
  283.         activity: activity,
  284.         for: user,
  285.         with_direct_conversation_id: true,
  286.         with_muted: Map.get(params, :with_muted, false)
  287.       )
  288.     else
  289.       {:own_status, _} -> {:error, :forbidden}
  290.       {:pipeline, _} -> {:error, :internal_server_error}
  291.       _ -> {:error, :not_found}
  292.     end
  293.   end
  295.   @doc "GET /api/v1/statuses/:id"
  296.   def show(
  297.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id} = params}}} =
  298.           conn,
  299.         _
  300.       ) do
  301.     with %Activity{} = activity <- Activity.get_by_id_with_object(id),
  302.          true <- Visibility.visible_for_user?(activity, user) do
  303.       try_render(conn, "show.json",
  304.         activity: activity,
  305.         for: user,
  306.         with_direct_conversation_id: true,
  307.         with_muted: Map.get(params, :with_muted, false)
  308.       )
  309.     else
  310.       _ -> {:error, :not_found}
  311.     end
  312.   end
  314.   @doc "DELETE /api/v1/statuses/:id"
  315.   def delete(%{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn, _) do
  316.     with %Activity{} = activity <- Activity.get_by_id_with_object(id),
  317.          {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
  318.       try_render(conn, "show.json",
  319.         activity: activity,
  320.         for: user,
  321.         with_direct_conversation_id: true,
  322.         with_source: true
  323.       )
  324.     else
  325.       _e -> {:error, :not_found}
  326.     end
  327.   end
  329.   @doc "POST /api/v1/statuses/:id/reblog"
  330.   def reblog(
  331.         %{
  332.           assigns: %{user: user},
  333.           private: %{open_api_spex: %{body_params: params, params: %{id: ap_id_or_id}}}
  334.         } = conn,
  335.         _
  336.       ) do
  337.     with {:ok, announce} <- CommonAPI.repeat(ap_id_or_id, user, params),
  338.          %Activity{} = announce <- Activity.normalize(announce.data) do
  339.       try_render(conn, "show.json", %{activity: announce, for: user, as: :activity})
  340.     end
  341.   end
  343.   @doc "POST /api/v1/statuses/:id/unreblog"
  344.   def unreblog(
  345.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: activity_id}}}} =
  346.           conn,
  347.         _
  348.       ) do
  349.     with {:ok, _unannounce} <- CommonAPI.unrepeat(activity_id, user),
  350.          %Activity{} = activity <- Activity.get_by_id(activity_id) do
  351.       try_render(conn, "show.json", %{activity: activity, for: user, as: :activity})
  352.     end
  353.   end
  355.   @doc "POST /api/v1/statuses/:id/favourite"
  356.   def favourite(
  357.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: activity_id}}}} =
  358.           conn,
  359.         _
  360.       ) do
  361.     with {:ok, _fav} <- CommonAPI.favorite(activity_id, user),
  362.          %Activity{} = activity <- Activity.get_by_id(activity_id) do
  363.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  364.     end
  365.   end
  367.   @doc "POST /api/v1/statuses/:id/unfavourite"
  368.   def unfavourite(
  369.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: activity_id}}}} =
  370.           conn,
  371.         _
  372.       ) do
  373.     with {:ok, _unfav} <- CommonAPI.unfavorite(activity_id, user),
  374.          %Activity{} = activity <- Activity.get_by_id(activity_id) do
  375.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  376.     end
  377.   end
  379.   @doc "POST /api/v1/statuses/:id/pin"
  380.   def pin(
  381.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: ap_id_or_id}}}} =
  382.           conn,
  383.         _
  384.       ) do
  385.     with {:ok, activity} <- CommonAPI.pin(ap_id_or_id, user) do
  386.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  387.     else
  388.       {:error, :pinned_statuses_limit_reached} ->
  389.         {:error, "You have already pinned the maximum number of statuses"}
  391.       {:error, :ownership_error} ->
  392.         {:error, :unprocessable_entity, "Someone else's status cannot be pinned"}
  394.       {:error, :visibility_error} ->
  395.         {:error, :unprocessable_entity, "Non-public status cannot be pinned"}
  397.       error ->
  398.         error
  399.     end
  400.   end
  402.   @doc "POST /api/v1/statuses/:id/unpin"
  403.   def unpin(
  404.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: ap_id_or_id}}}} =
  405.           conn,
  406.         _
  407.       ) do
  408.     with {:ok, activity} <- CommonAPI.unpin(ap_id_or_id, user) do
  409.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  410.     end
  411.   end
  413.   @doc "POST /api/v1/statuses/:id/bookmark"
  414.   def bookmark(
  415.         %{
  416.           assigns: %{user: user},
  417.           private: %{open_api_spex: %{body_params: body_params, params: %{id: id}}}
  418.         } = conn,
  419.         _
  420.       ) do
  421.     with %Activity{} = activity <- Activity.get_by_id_with_object(id),
  422.          %User{} = user <- User.get_cached_by_nickname(user.nickname),
  423.          true <- Visibility.visible_for_user?(activity, user),
  424.          folder_id <- Map.get(body_params, :folder_id, nil),
  425.          folder_id <-
  426.            if(folder_id && BookmarkFolder.belongs_to_user?(folder_id, user.id),
  427.              do: folder_id,
  428.              else: nil
  429.            ),
  430.          {:ok, _bookmark} <- Bookmark.create(user.id, activity.id, folder_id) do
  431.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  432.     end
  433.   end
  435.   @doc "POST /api/v1/statuses/:id/unbookmark"
  436.   def unbookmark(
  437.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  438.         _
  439.       ) do
  440.     with %Activity{} = activity <- Activity.get_by_id_with_object(id),
  441.          %User{} = user <- User.get_cached_by_nickname(user.nickname),
  442.          true <- Visibility.visible_for_user?(activity, user),
  443.          {:ok, _bookmark} <- Bookmark.destroy(user.id, activity.id) do
  444.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  445.     end
  446.   end
  448.   @doc "POST /api/v1/statuses/:id/mute"
  449.   def mute_conversation(
  450.         %{
  451.           assigns: %{user: user},
  452.           private: %{open_api_spex: %{body_params: params, params: %{id: id}}}
  453.         } = conn,
  454.         _
  455.       ) do
  456.     with %Activity{} = activity <- Activity.get_by_id(id),
  457.          {:ok, activity} <- CommonAPI.add_mute(activity, user, params) do
  458.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  459.     end
  460.   end
  462.   @doc "POST /api/v1/statuses/:id/unmute"
  463.   def unmute_conversation(
  464.         %{
  465.           assigns: %{user: user},
  466.           private: %{open_api_spex: %{params: %{id: id}}}
  467.         } = conn,
  468.         _
  469.       ) do
  470.     with %Activity{} = activity <- Activity.get_by_id(id),
  471.          {:ok, activity} <- CommonAPI.remove_mute(activity, user) do
  472.       try_render(conn, "show.json", activity: activity, for: user, as: :activity)
  473.     end
  474.   end
  476.   @doc "GET /api/v1/statuses/:id/favourited_by"
  477.   def favourited_by(
  478.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  479.         _
  480.       ) do
  481.     with true <- Pleroma.Config.get([:instance, :show_reactions]),
  482.          %Activity{} = activity <- Activity.get_by_id_with_object(id),
  483.          {:visible, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
  484.          %Object{data: %{"likes" => likes}} <- Object.normalize(activity, fetch: false) do
  485.       users =
  486.         User
  487.         |> Ecto.Query.where([u], u.ap_id in ^likes)
  488.         |> Repo.all()
  489.         |> Enum.filter(&(not User.blocks?(user, &1)))
  491.       conn
  492.       |> put_view(AccountView)
  493.       |> render("index.json", for: user, users: users, as: :user)
  494.     else
  495.       {:visible, false} -> {:error, :not_found}
  496.       _ -> json(conn, [])
  497.     end
  498.   end
  500.   @doc "GET /api/v1/statuses/:id/reblogged_by"
  501.   def reblogged_by(
  502.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  503.         _
  504.       ) do
  505.     with %Activity{} = activity <- Activity.get_by_id_with_object(id),
  506.          {:visible, true} <- {:visible, Visibility.visible_for_user?(activity, user)},
  507.          %Object{data: %{"announcements" => announces, "id" => ap_id}} <-
  508.            Object.normalize(activity, fetch: false) do
  509.       announces =
  510.         "Announce"
  511.         |> Activity.Queries.by_type()
  512.         |> Ecto.Query.where([a], a.actor in ^announces)
  513.         # this is to use the index
  514.         |> Activity.Queries.by_object_id(ap_id)
  515.         |> Repo.all()
  516.         |> Enum.filter(&Visibility.visible_for_user?(&1, user))
  517.         |> Enum.map(& &1.actor)
  518.         |> Enum.uniq()
  520.       users =
  521.         User
  522.         |> Ecto.Query.where([u], u.ap_id in ^announces)
  523.         |> Repo.all()
  524.         |> Enum.filter(&(not User.blocks?(user, &1)))
  526.       conn
  527.       |> put_view(AccountView)
  528.       |> render("index.json", for: user, users: users, as: :user)
  529.     else
  530.       {:visible, false} -> {:error, :not_found}
  531.       _ -> json(conn, [])
  532.     end
  533.   end
  535.   @doc "GET /api/v1/statuses/:id/context"
  536.   def context(
  537.         %{assigns: %{user: user}, private: %{open_api_spex: %{params: %{id: id}}}} = conn,
  538.         _
  539.       ) do
  540.     with %Activity{} = activity <- Activity.get_by_id(id) do
  541.       activities =
  542.         ActivityPub.fetch_activities_for_context(activity.data["context"], %{
  543.           blocking_user: user,
  544.           user: user,
  545.           exclude_id: activity.id
  546.         })
  548.       render(conn, "context.json", activity: activity, activities: activities, user: user)
  549.     end
  550.   end
  552.   @doc "GET /api/v1/favourites"
  553.   def favourites(
  554.         %{assigns: %{user: %User{} = user}, private: %{open_api_spex: %{params: params}}} = conn,
  555.         _
  556.       ) do
  557.     activities = ActivityPub.fetch_favourites(user, params)
  559.     conn
  560.     |> add_link_headers(activities)
  561.     |> render("index.json",
  562.       activities: activities,
  563.       for: user,
  564.       as: :activity
  565.     )
  566.   end
  568.   @doc "GET /api/v1/bookmarks"
  569.   def bookmarks(%{assigns: %{user: user}, private: %{open_api_spex: %{params: params}}} = conn, _) do
  570.     user = User.get_cached_by_id(user.id)
  571.     folder_id = Map.get(params, :folder_id)
  573.     bookmarks =
  574.       user.id
  575.       |> Bookmark.for_user_query(folder_id)
  576.       |> Pleroma.Pagination.fetch_paginated(params)
  578.     activities =
  579.       bookmarks
  580.       |> Enum.map(fn b -> Map.put(b.activity, :bookmark, Map.delete(b, :activity)) end)
  582.     conn
  583.     |> add_link_headers(bookmarks)
  584.     |> render("index.json",
  585.       activities: activities,
  586.       for: user,
  587.       as: :activity
  588.     )
  589.   end
  591.   defp put_application(params, %{assigns: %{token: %Token{user: %User{} = user} = token}} = _conn) do
  592.     if user.disclose_client do
  593.       %{client_name: client_name, website: website} = Repo.preload(token, :app).app
  594.       Map.put(params, :generator, %{type: "Application", name: client_name, url: website})
  595.     else
  596.       Map.put(params, :generator, nil)
  597.     end
  598.   end
  600.   defp put_application(params, _), do: Map.put(params, :generator, nil)
  601. end