logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

timeline_controller.ex (6691B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.MastodonAPI.TimelineController do
  6.   use Pleroma.Web, :controller
  8.   import Pleroma.Web.ControllerHelper,
  9.     only: [add_link_headers: 2, add_link_headers: 3]
  11.   alias Pleroma.Config
  12.   alias Pleroma.Pagination
  13.   alias Pleroma.User
  14.   alias Pleroma.Web.ActivityPub.ActivityPub
  15.   alias Pleroma.Web.Plugs.OAuthScopesPlug
  16.   alias Pleroma.Web.Plugs.RateLimiter
  18.   plug(Pleroma.Web.ApiSpec.CastAndValidate)
  19.   plug(:skip_public_check when action in [:public, :hashtag])
  21.   # TODO: Replace with a macro when there is a Phoenix release with the following commit in it:
  22.   # https://github.com/phoenixframework/phoenix/commit/2e8c63c01fec4dde5467dbbbf9705ff9e780735e
  24.   plug(RateLimiter, [name: :timeline, bucket_name: :direct_timeline] when action == :direct)
  25.   plug(RateLimiter, [name: :timeline, bucket_name: :public_timeline] when action == :public)
  26.   plug(RateLimiter, [name: :timeline, bucket_name: :home_timeline] when action == :home)
  27.   plug(RateLimiter, [name: :timeline, bucket_name: :hashtag_timeline] when action == :hashtag)
  28.   plug(RateLimiter, [name: :timeline, bucket_name: :list_timeline] when action == :list)
  30.   plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
  31.   plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
  33.   plug(
  34.     OAuthScopesPlug,
  35.     %{scopes: ["read:statuses"], fallback: :proceed_unauthenticated}
  36.     when action in [:public, :hashtag]
  37.   )
  39.   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TimelineOperation
  41.   # GET /api/v1/timelines/home
  42.   def home(%{assigns: %{user: user}} = conn, params) do
  43.     params =
  44.       params
  45.       |> Map.put(:type, ["Create", "Announce"])
  46.       |> Map.put(:blocking_user, user)
  47.       |> Map.put(:muting_user, user)
  48.       |> Map.put(:reply_filtering_user, user)
  49.       |> Map.put(:announce_filtering_user, user)
  50.       |> Map.put(:user, user)
  51.       |> Map.put(:local_only, params[:local])
  52.       |> Map.delete(:local)
  54.     activities =
  55.       [user.ap_id | User.following(user)]
  56.       |> ActivityPub.fetch_activities(params)
  57.       |> Enum.reverse()
  59.     conn
  60.     |> add_link_headers(activities)
  61.     |> render("index.json",
  62.       activities: activities,
  63.       for: user,
  64.       as: :activity,
  65.       with_muted: Map.get(params, :with_muted, false)
  66.     )
  67.   end
  69.   # GET /api/v1/timelines/direct
  70.   def direct(%{assigns: %{user: user}} = conn, params) do
  71.     params =
  72.       params
  73.       |> Map.put(:type, "Create")
  74.       |> Map.put(:blocking_user, user)
  75.       |> Map.put(:user, user)
  76.       |> Map.put(:visibility, "direct")
  78.     activities =
  79.       [user.ap_id]
  80.       |> ActivityPub.fetch_activities_query(params)
  81.       |> Pagination.fetch_paginated(params)
  83.     conn
  84.     |> add_link_headers(activities)
  85.     |> render("index.json",
  86.       activities: activities,
  87.       for: user,
  88.       as: :activity
  89.     )
  90.   end
  92.   defp restrict_unauthenticated?(true = _local_only) do
  93.     Config.restrict_unauthenticated_access?(:timelines, :local)
  94.   end
  96.   defp restrict_unauthenticated?(_) do
  97.     Config.restrict_unauthenticated_access?(:timelines, :federated)
  98.   end
  100.   # GET /api/v1/timelines/public
  101.   def public(%{assigns: %{user: user}} = conn, params) do
  102.     local_only = params[:local]
  104.     if is_nil(user) and restrict_unauthenticated?(local_only) do
  105.       fail_on_bad_auth(conn)
  106.     else
  107.       activities =
  108.         params
  109.         |> Map.put(:type, ["Create"])
  110.         |> Map.put(:local_only, local_only)
  111.         |> Map.put(:blocking_user, user)
  112.         |> Map.put(:muting_user, user)
  113.         |> Map.put(:reply_filtering_user, user)
  114.         |> Map.put(:instance, params[:instance])
  115.         # Restricts unfederated content to authenticated users
  116.         |> Map.put(:includes_local_public, not is_nil(user))
  117.         |> ActivityPub.fetch_public_activities()
  119.       conn
  120.       |> add_link_headers(activities, %{"local" => local_only})
  121.       |> render("index.json",
  122.         activities: activities,
  123.         for: user,
  124.         as: :activity,
  125.         with_muted: Map.get(params, :with_muted, false)
  126.       )
  127.     end
  128.   end
  130.   defp fail_on_bad_auth(conn) do
  131.     render_error(conn, :unauthorized, "authorization required for timeline view")
  132.   end
  134.   defp hashtag_fetching(params, user, local_only) do
  135.     # Note: not sanitizing tag options at this stage (may be mix-cased, have duplicates etc.)
  136.     tags_any =
  137.       [params[:tag], params[:any]]
  138.       |> List.flatten()
  139.       |> Enum.filter(& &1)
  141.     tag_all = Map.get(params, :all, [])
  142.     tag_reject = Map.get(params, :none, [])
  144.     params
  145.     |> Map.put(:type, "Create")
  146.     |> Map.put(:local_only, local_only)
  147.     |> Map.put(:blocking_user, user)
  148.     |> Map.put(:muting_user, user)
  149.     |> Map.put(:user, user)
  150.     |> Map.put(:tag, tags_any)
  151.     |> Map.put(:tag_all, tag_all)
  152.     |> Map.put(:tag_reject, tag_reject)
  153.     |> ActivityPub.fetch_public_activities()
  154.   end
  156.   # GET /api/v1/timelines/tag/:tag
  157.   def hashtag(%{assigns: %{user: user}} = conn, params) do
  158.     local_only = params[:local]
  160.     if is_nil(user) and restrict_unauthenticated?(local_only) do
  161.       fail_on_bad_auth(conn)
  162.     else
  163.       activities = hashtag_fetching(params, user, local_only)
  165.       conn
  166.       |> add_link_headers(activities, %{"local" => local_only})
  167.       |> render("index.json",
  168.         activities: activities,
  169.         for: user,
  170.         as: :activity,
  171.         with_muted: Map.get(params, :with_muted, false)
  172.       )
  173.     end
  174.   end
  176.   # GET /api/v1/timelines/list/:list_id
  177.   def list(%{assigns: %{user: user}} = conn, %{list_id: id} = params) do
  178.     with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do
  179.       params =
  180.         params
  181.         |> Map.put(:type, "Create")
  182.         |> Map.put(:blocking_user, user)
  183.         |> Map.put(:user, user)
  184.         |> Map.put(:muting_user, user)
  185.         |> Map.put(:local_only, params[:local])
  187.       # we must filter the following list for the user to avoid leaking statuses the user
  188.       # does not actually have permission to see (for more info, peruse security issue #270).
  190.       user_following = User.following(user)
  192.       activities =
  193.         following
  194.         |> Enum.filter(fn x -> x in user_following end)
  195.         |> ActivityPub.fetch_activities_bounded(following, params)
  196.         |> Enum.reverse()
  198.       conn
  199.       |> add_link_headers(activities)
  200.       |> render("index.json",
  201.         activities: activities,
  202.         for: user,
  203.         as: :activity,
  204.         with_muted: Map.get(params, :with_muted, false)
  205.       )
  206.     else
  207.       _e -> render_error(conn, :forbidden, "Error.")
  208.     end
  209.   end
  210. end