logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

router.ex (36308B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Router do
  6.   use Pleroma.Web, :router
  7.   import Phoenix.LiveDashboard.Router
  9.   pipeline :accepts_html do
  10.     plug(:accepts, ["html"])
  11.   end
  13.   pipeline :accepts_html_xml do
  14.     plug(:accepts, ["html", "xml", "rss", "atom"])
  15.   end
  17.   pipeline :accepts_html_json do
  18.     plug(:accepts, ["html", "activity+json", "json"])
  19.   end
  21.   pipeline :accepts_html_xml_json do
  22.     plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])
  23.   end
  25.   pipeline :accepts_xml_rss_atom do
  26.     plug(:accepts, ["xml", "rss", "atom"])
  27.   end
  29.   pipeline :browser do
  30.     plug(:accepts, ["html"])
  31.     plug(:fetch_session)
  32.   end
  34.   pipeline :oauth do
  35.     plug(:fetch_session)
  36.     plug(Pleroma.Web.Plugs.OAuthPlug)
  37.     plug(Pleroma.Web.Plugs.UserEnabledPlug)
  38.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
  39.   end
  41.   # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify)
  42.   pipeline :expect_user_authentication do
  43.     plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug)
  44.   end
  46.   # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify)
  47.   pipeline :expect_public_instance_or_user_authentication do
  48.     plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug)
  49.   end
  51.   pipeline :authenticate do
  52.     plug(Pleroma.Web.Plugs.OAuthPlug)
  53.     plug(Pleroma.Web.Plugs.BasicAuthDecoderPlug)
  54.     plug(Pleroma.Web.Plugs.UserFetcherPlug)
  55.     plug(Pleroma.Web.Plugs.AuthenticationPlug)
  56.   end
  58.   pipeline :after_auth do
  59.     plug(Pleroma.Web.Plugs.UserEnabledPlug)
  60.     plug(Pleroma.Web.Plugs.SetUserSessionIdPlug)
  61.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
  62.     plug(Pleroma.Web.Plugs.UserTrackingPlug)
  63.   end
  65.   pipeline :base_api do
  66.     plug(:accepts, ["json"])
  67.     plug(:fetch_session)
  68.     plug(:authenticate)
  69.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  70.   end
  72.   pipeline :no_auth_or_privacy_expectations_api do
  73.     plug(:base_api)
  74.     plug(:after_auth)
  75.     plug(Pleroma.Web.Plugs.IdempotencyPlug)
  76.   end
  78.   # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported)
  79.   pipeline :app_api do
  80.     plug(:no_auth_or_privacy_expectations_api)
  81.   end
  83.   pipeline :api do
  84.     plug(:expect_public_instance_or_user_authentication)
  85.     plug(:no_auth_or_privacy_expectations_api)
  86.   end
  88.   pipeline :authenticated_api do
  89.     plug(:expect_user_authentication)
  90.     plug(:no_auth_or_privacy_expectations_api)
  91.     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
  92.   end
  94.   pipeline :admin_api do
  95.     plug(:expect_user_authentication)
  96.     plug(:base_api)
  97.     plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
  98.     plug(:after_auth)
  99.     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
  100.     plug(Pleroma.Web.Plugs.UserIsStaffPlug)
  101.     plug(Pleroma.Web.Plugs.IdempotencyPlug)
  102.   end
  104.   pipeline :require_admin do
  105.     plug(Pleroma.Web.Plugs.UserIsAdminPlug)
  106.   end
  108.   pipeline :require_privileged_role_users_delete do
  109.     plug(:admin_api)
  110.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_delete)
  111.   end
  113.   pipeline :require_privileged_role_users_manage_credentials do
  114.     plug(:admin_api)
  115.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_credentials)
  116.   end
  118.   pipeline :require_privileged_role_messages_read do
  119.     plug(:admin_api)
  120.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_read)
  121.   end
  123.   pipeline :require_privileged_role_users_manage_tags do
  124.     plug(:admin_api)
  125.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_tags)
  126.   end
  128.   pipeline :require_privileged_role_users_manage_activation_state do
  129.     plug(:admin_api)
  130.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_activation_state)
  131.   end
  133.   pipeline :require_privileged_role_users_manage_invites do
  134.     plug(:admin_api)
  135.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_manage_invites)
  136.   end
  138.   pipeline :require_privileged_role_reports_manage_reports do
  139.     plug(:admin_api)
  140.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :reports_manage_reports)
  141.   end
  143.   pipeline :require_privileged_role_users_read do
  144.     plug(:admin_api)
  145.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :users_read)
  146.   end
  148.   pipeline :require_privileged_role_messages_delete do
  149.     plug(:admin_api)
  150.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :messages_delete)
  151.   end
  153.   pipeline :require_privileged_role_emoji_manage_emoji do
  154.     plug(:admin_api)
  155.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :emoji_manage_emoji)
  156.   end
  158.   pipeline :require_privileged_role_instances_delete do
  159.     plug(:admin_api)
  160.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :instances_delete)
  161.   end
  163.   pipeline :require_privileged_role_moderation_log_read do
  164.     plug(:admin_api)
  165.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :moderation_log_read)
  166.   end
  168.   pipeline :require_privileged_role_statistics_read do
  169.     plug(:admin_api)
  170.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :statistics_read)
  171.   end
  173.   pipeline :require_privileged_role_announcements_manage_announcements do
  174.     plug(:admin_api)
  175.     plug(Pleroma.Web.Plugs.EnsurePrivilegedPlug, :announcements_manage_announcements)
  176.   end
  178.   pipeline :pleroma_html do
  179.     plug(:browser)
  180.     plug(:authenticate)
  181.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
  182.   end
  184.   pipeline :well_known do
  185.     plug(:accepts, ["json", "jrd", "jrd+json", "xml", "xrd+xml"])
  186.   end
  188.   pipeline :config do
  189.     plug(:accepts, ["json", "xml"])
  190.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  191.   end
  193.   pipeline :pleroma_api do
  194.     plug(:accepts, ["html", "json"])
  195.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  196.   end
  198.   pipeline :mailbox_preview do
  199.     plug(:accepts, ["html"])
  201.     plug(:put_secure_browser_headers, %{
  202.       "content-security-policy" =>
  203.         "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'"
  204.     })
  205.   end
  207.   pipeline :http_signature do
  208.     plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
  209.     plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)
  210.   end
  212.   pipeline :static_fe do
  213.     plug(Pleroma.Web.Plugs.StaticFEPlug)
  214.   end
  216.   scope "/api/v1/pleroma", Pleroma.Web.TwitterAPI do
  217.     pipe_through(:pleroma_api)
  219.     get("/password_reset/:token", PasswordController, :reset, as: :reset_password)
  220.     post("/password_reset", PasswordController, :do_reset, as: :reset_password)
  221.     get("/emoji", UtilController, :emoji)
  222.     get("/captcha", UtilController, :captcha)
  223.     get("/healthcheck", UtilController, :healthcheck)
  224.     post("/remote_interaction", UtilController, :remote_interaction)
  225.   end
  227.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
  228.     pipe_through(:pleroma_api)
  230.     get("/federation_status", InstancesController, :show)
  231.   end
  233.   scope "/api/v1/pleroma", Pleroma.Web do
  234.     pipe_through(:pleroma_api)
  235.     post("/uploader_callback/:upload_path", UploaderController, :callback)
  236.   end
  238.   # AdminAPI: only admins can perform these actions
  239.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  240.     pipe_through([:admin_api, :require_admin])
  242.     get("/users/:nickname/permission_group", AdminAPIController, :right_get)
  243.     get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)
  245.     post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)
  247.     delete(
  248.       "/users/:nickname/permission_group/:permission_group",
  249.       AdminAPIController,
  250.       :right_delete
  251.     )
  253.     post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)
  255.     delete(
  256.       "/users/permission_group/:permission_group",
  257.       AdminAPIController,
  258.       :right_delete_multiple
  259.     )
  261.     post("/users/follow", UserController, :follow)
  262.     post("/users/unfollow", UserController, :unfollow)
  263.     post("/users", UserController, :create)
  265.     patch("/users/suggest", UserController, :suggest)
  266.     patch("/users/unsuggest", UserController, :unsuggest)
  268.     get("/relay", RelayController, :index)
  269.     post("/relay", RelayController, :follow)
  270.     delete("/relay", RelayController, :unfollow)
  272.     get("/instance_document/:name", InstanceDocumentController, :show)
  273.     patch("/instance_document/:name", InstanceDocumentController, :update)
  274.     delete("/instance_document/:name", InstanceDocumentController, :delete)
  276.     get("/config", ConfigController, :show)
  277.     post("/config", ConfigController, :update)
  278.     get("/config/descriptions", ConfigController, :descriptions)
  279.     get("/need_reboot", AdminAPIController, :need_reboot)
  280.     get("/restart", AdminAPIController, :restart)
  282.     get("/oauth_app", OAuthAppController, :index)
  283.     post("/oauth_app", OAuthAppController, :create)
  284.     patch("/oauth_app/:id", OAuthAppController, :update)
  285.     delete("/oauth_app/:id", OAuthAppController, :delete)
  287.     get("/media_proxy_caches", MediaProxyCacheController, :index)
  288.     post("/media_proxy_caches/delete", MediaProxyCacheController, :delete)
  289.     post("/media_proxy_caches/purge", MediaProxyCacheController, :purge)
  291.     get("/frontends", FrontendController, :index)
  292.     post("/frontends/install", FrontendController, :install)
  294.     post("/backups", AdminAPIController, :create_backup)
  295.   end
  297.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  298.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  299.     pipe_through(:require_privileged_role_announcements_manage_announcements)
  301.     get("/announcements", AnnouncementController, :index)
  302.     post("/announcements", AnnouncementController, :create)
  303.     get("/announcements/:id", AnnouncementController, :show)
  304.     patch("/announcements/:id", AnnouncementController, :change)
  305.     delete("/announcements/:id", AnnouncementController, :delete)
  306.   end
  308.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  309.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  310.     pipe_through(:require_privileged_role_users_delete)
  312.     delete("/users", UserController, :delete)
  313.   end
  315.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  316.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  317.     pipe_through(:require_privileged_role_users_manage_credentials)
  319.     get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
  320.     get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials)
  321.     patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)
  322.     put("/users/disable_mfa", AdminAPIController, :disable_mfa)
  323.     patch("/users/force_password_reset", AdminAPIController, :force_password_reset)
  324.     patch("/users/confirm_email", AdminAPIController, :confirm_email)
  325.     patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email)
  326.   end
  328.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  329.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  330.     pipe_through(:require_privileged_role_messages_read)
  332.     get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)
  333.     get("/users/:nickname/chats", AdminAPIController, :list_user_chats)
  335.     get("/statuses", StatusController, :index)
  337.     get("/chats/:id", ChatController, :show)
  338.     get("/chats/:id/messages", ChatController, :messages)
  340.     get("/instances/:instance/statuses", InstanceController, :list_statuses)
  342.     get("/statuses/:id", StatusController, :show)
  343.   end
  345.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  346.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  347.     pipe_through(:require_privileged_role_users_manage_tags)
  349.     put("/users/tag", AdminAPIController, :tag_users)
  350.     delete("/users/tag", AdminAPIController, :untag_users)
  351.   end
  353.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  354.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  355.     pipe_through(:require_privileged_role_users_manage_activation_state)
  357.     patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
  358.     patch("/users/activate", UserController, :activate)
  359.     patch("/users/deactivate", UserController, :deactivate)
  360.   end
  362.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  363.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  364.     pipe_through(:require_privileged_role_users_manage_invites)
  366.     patch("/users/approve", UserController, :approve)
  367.     post("/users/invite_token", InviteController, :create)
  368.     get("/users/invites", InviteController, :index)
  369.     post("/users/revoke_invite", InviteController, :revoke)
  370.     post("/users/email_invite", InviteController, :email)
  371.   end
  373.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  374.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  375.     pipe_through(:require_privileged_role_reports_manage_reports)
  377.     get("/reports", ReportController, :index)
  378.     get("/reports/:id", ReportController, :show)
  379.     patch("/reports", ReportController, :update)
  380.     post("/reports/:id/notes", ReportController, :notes_create)
  381.     delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)
  382.   end
  384.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  385.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  386.     pipe_through(:require_privileged_role_users_read)
  388.     get("/users", UserController, :index)
  389.     get("/users/:nickname", UserController, :show)
  390.   end
  392.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  393.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  394.     pipe_through(:require_privileged_role_messages_delete)
  396.     put("/statuses/:id", StatusController, :update)
  397.     delete("/statuses/:id", StatusController, :delete)
  399.     delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
  400.   end
  402.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  403.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  404.     pipe_through(:require_privileged_role_emoji_manage_emoji)
  406.     post("/reload_emoji", AdminAPIController, :reload_emoji)
  407.   end
  409.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  410.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  411.     pipe_through(:require_privileged_role_instances_delete)
  413.     delete("/instances/:instance", InstanceController, :delete)
  414.   end
  416.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  417.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  418.     pipe_through(:require_privileged_role_moderation_log_read)
  420.     get("/moderation_log", AdminAPIController, :list_log)
  421.   end
  423.   # AdminAPI: admins and mods (staff) can perform these actions (if privileged by role)
  424.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
  425.     pipe_through(:require_privileged_role_statistics_read)
  427.     get("/stats", AdminAPIController, :stats)
  428.   end
  430.   scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
  431.     scope "/pack" do
  432.       pipe_through(:require_privileged_role_emoji_manage_emoji)
  434.       post("/", EmojiPackController, :create)
  435.       patch("/", EmojiPackController, :update)
  436.       delete("/", EmojiPackController, :delete)
  437.     end
  439.     scope "/pack" do
  440.       pipe_through(:api)
  442.       get("/", EmojiPackController, :show)
  443.     end
  445.     # Modifying packs
  446.     scope "/packs" do
  447.       pipe_through(:require_privileged_role_emoji_manage_emoji)
  449.       get("/import", EmojiPackController, :import_from_filesystem)
  450.       get("/remote", EmojiPackController, :remote)
  451.       post("/download", EmojiPackController, :download)
  453.       post("/files", EmojiFileController, :create)
  454.       patch("/files", EmojiFileController, :update)
  455.       delete("/files", EmojiFileController, :delete)
  456.     end
  458.     # Pack info / downloading
  459.     scope "/packs" do
  460.       pipe_through(:api)
  462.       get("/", EmojiPackController, :index)
  463.       get("/archive", EmojiPackController, :archive)
  464.     end
  465.   end
  467.   scope "/", Pleroma.Web.TwitterAPI do
  468.     pipe_through(:pleroma_html)
  470.     post("/main/ostatus", UtilController, :remote_subscribe)
  471.     get("/main/ostatus", UtilController, :show_subscribe_form)
  472.     get("/ostatus_subscribe", RemoteFollowController, :follow)
  473.     post("/ostatus_subscribe", RemoteFollowController, :do_follow)
  475.     get("/authorize_interaction", RemoteFollowController, :authorize_interaction)
  476.   end
  478.   scope "/api/pleroma", Pleroma.Web.TwitterAPI do
  479.     pipe_through(:authenticated_api)
  481.     post("/change_email", UtilController, :change_email)
  482.     post("/change_password", UtilController, :change_password)
  483.     post("/delete_account", UtilController, :delete_account)
  484.     put("/notification_settings", UtilController, :update_notification_settings)
  485.     post("/disable_account", UtilController, :disable_account)
  486.     post("/move_account", UtilController, :move_account)
  488.     put("/aliases", UtilController, :add_alias)
  489.     get("/aliases", UtilController, :list_aliases)
  490.     delete("/aliases", UtilController, :delete_alias)
  491.   end
  493.   scope "/api/pleroma", Pleroma.Web.PleromaAPI do
  494.     pipe_through(:authenticated_api)
  496.     post("/mutes_import", UserImportController, :mutes)
  497.     post("/blocks_import", UserImportController, :blocks)
  498.     post("/follow_import", UserImportController, :follow)
  500.     get("/accounts/mfa", TwoFactorAuthenticationController, :settings)
  501.     get("/accounts/mfa/backup_codes", TwoFactorAuthenticationController, :backup_codes)
  502.     get("/accounts/mfa/setup/:method", TwoFactorAuthenticationController, :setup)
  503.     post("/accounts/mfa/confirm/:method", TwoFactorAuthenticationController, :confirm)
  504.     delete("/accounts/mfa/:method", TwoFactorAuthenticationController, :disable)
  505.   end
  507.   scope "/oauth", Pleroma.Web.OAuth do
  508.     # Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user
  510.     get("/registration_details", OAuthController, :registration_details)
  512.     post("/mfa/verify", MFAController, :verify, as: :mfa_verify)
  513.     get("/mfa", MFAController, :show)
  515.     scope [] do
  516.       pipe_through(:oauth)
  518.       get("/authorize", OAuthController, :authorize)
  519.       post("/authorize", OAuthController, :create_authorization)
  520.     end
  522.     scope [] do
  523.       pipe_through(:fetch_session)
  525.       post("/token", OAuthController, :token_exchange)
  526.       post("/revoke", OAuthController, :token_revoke)
  527.       post("/mfa/challenge", MFAController, :challenge)
  528.     end
  530.     scope [] do
  531.       pipe_through(:browser)
  533.       get("/prepare_request", OAuthController, :prepare_request)
  534.       get("/:provider", OAuthController, :request)
  535.       get("/:provider/callback", OAuthController, :callback)
  536.       post("/register", OAuthController, :register)
  537.     end
  538.   end
  540.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
  541.     pipe_through(:api)
  543.     get("/apps", AppController, :index)
  544.     get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index)
  545.     get("/statuses/:id/reactions", EmojiReactionController, :index)
  546.   end
  548.   scope "/api/v0/pleroma", Pleroma.Web.PleromaAPI do
  549.     pipe_through(:authenticated_api)
  550.     get("/reports", ReportController, :index)
  551.     get("/reports/:id", ReportController, :show)
  552.   end
  554.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
  555.     scope [] do
  556.       pipe_through(:authenticated_api)
  558.       post("/chats/by-account-id/:id", ChatController, :create)
  559.       get("/chats", ChatController, :index)
  560.       get("/chats/:id", ChatController, :show)
  561.       get("/chats/:id/messages", ChatController, :messages)
  562.       post("/chats/:id/messages", ChatController, :post_chat_message)
  563.       delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
  564.       post("/chats/:id/read", ChatController, :mark_as_read)
  565.       post("/chats/:id/messages/:message_id/read", ChatController, :mark_message_as_read)
  567.       get("/conversations/:id/statuses", ConversationController, :statuses)
  568.       get("/conversations/:id", ConversationController, :show)
  569.       post("/conversations/read", ConversationController, :mark_as_read)
  570.       patch("/conversations/:id", ConversationController, :update)
  572.       put("/statuses/:id/reactions/:emoji", EmojiReactionController, :create)
  573.       delete("/statuses/:id/reactions/:emoji", EmojiReactionController, :delete)
  574.       post("/notifications/read", NotificationController, :mark_as_read)
  576.       get("/mascot", MascotController, :show)
  577.       put("/mascot", MascotController, :update)
  579.       post("/scrobble", ScrobbleController, :create)
  581.       get("/backups", BackupController, :index)
  582.       post("/backups", BackupController, :create)
  583.     end
  585.     scope [] do
  586.       pipe_through(:api)
  587.       get("/accounts/:id/favourites", AccountController, :favourites)
  588.       get("/accounts/:id/endorsements", AccountController, :endorsements)
  590.       get("/statuses/:id/quotes", StatusController, :quotes)
  591.     end
  593.     scope [] do
  594.       pipe_through(:authenticated_api)
  596.       post("/accounts/:id/subscribe", AccountController, :subscribe)
  597.       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
  599.       get("/birthdays", AccountController, :birthdays)
  600.     end
  602.     scope [] do
  603.       pipe_through(:authenticated_api)
  605.       get("/settings/:app", SettingsController, :show)
  606.       patch("/settings/:app", SettingsController, :update)
  607.     end
  609.     post("/accounts/confirmation_resend", AccountController, :confirmation_resend)
  610.   end
  612.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
  613.     pipe_through(:api)
  614.     get("/accounts/:id/scrobbles", ScrobbleController, :index)
  615.   end
  617.   scope "/api/v2/pleroma", Pleroma.Web.PleromaAPI do
  618.     scope [] do
  619.       pipe_through(:authenticated_api)
  620.       get("/chats", ChatController, :index2)
  621.     end
  622.   end
  624.   scope "/api/v1", Pleroma.Web.MastodonAPI do
  625.     pipe_through(:authenticated_api)
  627.     get("/accounts/verify_credentials", AccountController, :verify_credentials)
  628.     patch("/accounts/update_credentials", AccountController, :update_credentials)
  630.     get("/accounts/relationships", AccountController, :relationships)
  631.     get("/accounts/:id/lists", AccountController, :lists)
  632.     get("/accounts/:id/identity_proofs", AccountController, :identity_proofs)
  633.     get("/endorsements", AccountController, :endorsements)
  634.     get("/blocks", AccountController, :blocks)
  635.     get("/mutes", AccountController, :mutes)
  637.     post("/follows", AccountController, :follow_by_uri)
  638.     post("/accounts/:id/follow", AccountController, :follow)
  639.     post("/accounts/:id/unfollow", AccountController, :unfollow)
  640.     post("/accounts/:id/block", AccountController, :block)
  641.     post("/accounts/:id/unblock", AccountController, :unblock)
  642.     post("/accounts/:id/mute", AccountController, :mute)
  643.     post("/accounts/:id/unmute", AccountController, :unmute)
  644.     post("/accounts/:id/note", AccountController, :note)
  645.     post("/accounts/:id/pin", AccountController, :endorse)
  646.     post("/accounts/:id/unpin", AccountController, :unendorse)
  647.     post("/accounts/:id/remove_from_followers", AccountController, :remove_from_followers)
  649.     get("/conversations", ConversationController, :index)
  650.     post("/conversations/:id/read", ConversationController, :mark_as_read)
  651.     delete("/conversations/:id", ConversationController, :delete)
  653.     get("/domain_blocks", DomainBlockController, :index)
  654.     post("/domain_blocks", DomainBlockController, :create)
  655.     delete("/domain_blocks", DomainBlockController, :delete)
  657.     get("/filters", FilterController, :index)
  659.     post("/filters", FilterController, :create)
  660.     get("/filters/:id", FilterController, :show)
  661.     put("/filters/:id", FilterController, :update)
  662.     delete("/filters/:id", FilterController, :delete)
  664.     get("/follow_requests", FollowRequestController, :index)
  665.     post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
  666.     post("/follow_requests/:id/reject", FollowRequestController, :reject)
  668.     get("/lists", ListController, :index)
  669.     get("/lists/:id", ListController, :show)
  670.     get("/lists/:id/accounts", ListController, :list_accounts)
  672.     delete("/lists/:id", ListController, :delete)
  673.     post("/lists", ListController, :create)
  674.     put("/lists/:id", ListController, :update)
  675.     post("/lists/:id/accounts", ListController, :add_to_list)
  676.     delete("/lists/:id/accounts", ListController, :remove_from_list)
  678.     get("/markers", MarkerController, :index)
  679.     post("/markers", MarkerController, :upsert)
  681.     post("/media", MediaController, :create)
  682.     get("/media/:id", MediaController, :show)
  683.     put("/media/:id", MediaController, :update)
  685.     get("/notifications", NotificationController, :index)
  686.     get("/notifications/:id", NotificationController, :show)
  688.     post("/notifications/:id/dismiss", NotificationController, :dismiss)
  689.     post("/notifications/clear", NotificationController, :clear)
  690.     delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
  691.     # Deprecated: was removed in Mastodon v3, use `/notifications/:id/dismiss` instead
  692.     post("/notifications/dismiss", NotificationController, :dismiss_via_body)
  694.     post("/polls/:id/votes", PollController, :vote)
  696.     post("/reports", ReportController, :create)
  698.     get("/scheduled_statuses", ScheduledActivityController, :index)
  699.     get("/scheduled_statuses/:id", ScheduledActivityController, :show)
  701.     put("/scheduled_statuses/:id", ScheduledActivityController, :update)
  702.     delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
  704.     # Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
  705.     get("/favourites", StatusController, :favourites)
  706.     get("/bookmarks", StatusController, :bookmarks)
  708.     post("/statuses", StatusController, :create)
  709.     put("/statuses/:id", StatusController, :update)
  710.     delete("/statuses/:id", StatusController, :delete)
  711.     post("/statuses/:id/reblog", StatusController, :reblog)
  712.     post("/statuses/:id/unreblog", StatusController, :unreblog)
  713.     post("/statuses/:id/favourite", StatusController, :favourite)
  714.     post("/statuses/:id/unfavourite", StatusController, :unfavourite)
  715.     post("/statuses/:id/pin", StatusController, :pin)
  716.     post("/statuses/:id/unpin", StatusController, :unpin)
  717.     post("/statuses/:id/bookmark", StatusController, :bookmark)
  718.     post("/statuses/:id/unbookmark", StatusController, :unbookmark)
  719.     post("/statuses/:id/mute", StatusController, :mute_conversation)
  720.     post("/statuses/:id/unmute", StatusController, :unmute_conversation)
  722.     post("/push/subscription", SubscriptionController, :create)
  723.     get("/push/subscription", SubscriptionController, :show)
  724.     put("/push/subscription", SubscriptionController, :update)
  725.     delete("/push/subscription", SubscriptionController, :delete)
  727.     get("/suggestions", SuggestionController, :index)
  728.     delete("/suggestions/:account_id", SuggestionController, :dismiss)
  730.     get("/timelines/home", TimelineController, :home)
  731.     get("/timelines/direct", TimelineController, :direct)
  732.     get("/timelines/list/:list_id", TimelineController, :list)
  734.     get("/announcements", AnnouncementController, :index)
  735.     post("/announcements/:id/dismiss", AnnouncementController, :mark_read)
  736.   end
  738.   scope "/api/v1", Pleroma.Web.MastodonAPI do
  739.     pipe_through(:app_api)
  741.     post("/apps", AppController, :create)
  742.     get("/apps/verify_credentials", AppController, :verify_credentials)
  743.   end
  745.   scope "/api/v1", Pleroma.Web.MastodonAPI do
  746.     pipe_through(:api)
  748.     get("/accounts/search", SearchController, :account_search)
  749.     get("/search", SearchController, :search)
  751.     get("/accounts/lookup", AccountController, :lookup)
  753.     get("/accounts/:id/statuses", AccountController, :statuses)
  754.     get("/accounts/:id/followers", AccountController, :followers)
  755.     get("/accounts/:id/following", AccountController, :following)
  756.     get("/accounts/:id", AccountController, :show)
  758.     post("/accounts", AccountController, :create)
  760.     get("/instance", InstanceController, :show)
  761.     get("/instance/peers", InstanceController, :peers)
  763.     get("/statuses", StatusController, :index)
  764.     get("/statuses/:id", StatusController, :show)
  765.     get("/statuses/:id/context", StatusController, :context)
  766.     get("/statuses/:id/card", StatusController, :card)
  767.     get("/statuses/:id/favourited_by", StatusController, :favourited_by)
  768.     get("/statuses/:id/reblogged_by", StatusController, :reblogged_by)
  769.     get("/statuses/:id/history", StatusController, :show_history)
  770.     get("/statuses/:id/source", StatusController, :show_source)
  772.     get("/custom_emojis", CustomEmojiController, :index)
  774.     get("/trends", MastodonAPIController, :empty_array)
  776.     get("/timelines/public", TimelineController, :public)
  777.     get("/timelines/tag/:tag", TimelineController, :hashtag)
  779.     get("/polls/:id", PollController, :show)
  781.     get("/directory", DirectoryController, :index)
  782.   end
  784.   scope "/api/v2", Pleroma.Web.MastodonAPI do
  785.     pipe_through(:api)
  787.     get("/search", SearchController, :search2)
  789.     post("/media", MediaController, :create2)
  791.     get("/suggestions", SuggestionController, :index2)
  793.     get("/instance", InstanceController, :show2)
  794.   end
  796.   scope "/api", Pleroma.Web do
  797.     pipe_through(:config)
  799.     get("/pleroma/frontend_configurations", TwitterAPI.UtilController, :frontend_configurations)
  800.   end
  802.   scope "/api", Pleroma.Web do
  803.     pipe_through(:api)
  805.     get(
  806.       "/account/confirm_email/:user_id/:token",
  807.       TwitterAPI.Controller,
  808.       :confirm_email,
  809.       as: :confirm_email
  810.     )
  811.   end
  813.   scope "/api" do
  814.     pipe_through(:base_api)
  816.     get("/openapi", OpenApiSpex.Plug.RenderSpec, [])
  817.   end
  819.   scope "/api", Pleroma.Web, as: :authenticated_twitter_api do
  820.     pipe_through(:authenticated_api)
  822.     get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
  823.     delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
  824.   end
  826.   scope "/", Pleroma.Web do
  827.     # Note: html format is supported only if static FE is enabled
  828.     # Note: http signature is only considered for json requests (no auth for non-json requests)
  829.     pipe_through([:accepts_html_json, :http_signature, :static_fe])
  831.     get("/objects/:uuid", OStatus.OStatusController, :object)
  832.     get("/activities/:uuid", OStatus.OStatusController, :activity)
  833.     get("/notice/:id", OStatus.OStatusController, :notice)
  835.     # Mastodon compatibility routes
  836.     get("/users/:nickname/statuses/:id", OStatus.OStatusController, :object)
  837.     get("/users/:nickname/statuses/:id/activity", OStatus.OStatusController, :activity)
  838.   end
  840.   scope "/", Pleroma.Web do
  841.     # Note: html format is supported only if static FE is enabled
  842.     # Note: http signature is only considered for json requests (no auth for non-json requests)
  843.     pipe_through([:accepts_html_xml_json, :http_signature, :static_fe])
  845.     # Note: returns user _profile_ for json requests, redirects to user _feed_ for non-json ones
  846.     get("/users/:nickname", Feed.UserController, :feed_redirect, as: :user_feed)
  847.   end
  849.   scope "/", Pleroma.Web do
  850.     pipe_through([:accepts_html_xml])
  852.     get("/users/:nickname/feed", Feed.UserController, :feed, as: :user_feed)
  853.   end
  855.   scope "/", Pleroma.Web do
  856.     pipe_through(:accepts_html)
  857.     get("/notice/:id/embed_player", OStatus.OStatusController, :notice_player)
  858.   end
  860.   scope "/", Pleroma.Web do
  861.     pipe_through(:accepts_xml_rss_atom)
  862.     get("/tags/:tag", Feed.TagController, :feed, as: :tag_feed)
  863.   end
  865.   scope "/", Pleroma.Web do
  866.     pipe_through(:browser)
  867.     get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)
  868.   end
  870.   pipeline :ap_service_actor do
  871.     plug(:accepts, ["activity+json", "json"])
  872.   end
  874.   # Server to Server (S2S) AP interactions
  875.   pipeline :activitypub do
  876.     plug(:ap_service_actor)
  877.     plug(:http_signature)
  878.   end
  880.   # Client to Server (C2S) AP interactions
  881.   pipeline :activitypub_client do
  882.     plug(:ap_service_actor)
  883.     plug(:fetch_session)
  884.     plug(:authenticate)
  885.     plug(:after_auth)
  886.   end
  888.   scope "/", Pleroma.Web.ActivityPub do
  889.     pipe_through([:activitypub_client])
  891.     get("/api/ap/whoami", ActivityPubController, :whoami)
  892.     get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
  894.     get("/users/:nickname/outbox", ActivityPubController, :outbox)
  895.     post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
  896.     post("/api/ap/upload_media", ActivityPubController, :upload_media)
  898.     # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
  899.     get("/users/:nickname/followers", ActivityPubController, :followers)
  900.     get("/users/:nickname/following", ActivityPubController, :following)
  901.     get("/users/:nickname/collections/featured", ActivityPubController, :pinned)
  902.   end
  904.   scope "/", Pleroma.Web.ActivityPub do
  905.     pipe_through(:activitypub)
  906.     post("/inbox", ActivityPubController, :inbox)
  907.     post("/users/:nickname/inbox", ActivityPubController, :inbox)
  908.   end
  910.   scope "/relay", Pleroma.Web.ActivityPub do
  911.     pipe_through(:ap_service_actor)
  913.     get("/", ActivityPubController, :relay)
  915.     scope [] do
  916.       pipe_through(:http_signature)
  917.       post("/inbox", ActivityPubController, :inbox)
  918.     end
  920.     get("/following", ActivityPubController, :relay_following)
  921.     get("/followers", ActivityPubController, :relay_followers)
  922.   end
  924.   scope "/internal/fetch", Pleroma.Web.ActivityPub do
  925.     pipe_through(:ap_service_actor)
  927.     get("/", ActivityPubController, :internal_fetch)
  928.     post("/inbox", ActivityPubController, :inbox)
  929.   end
  931.   scope "/.well-known", Pleroma.Web do
  932.     pipe_through(:well_known)
  934.     get("/host-meta", WebFinger.WebFingerController, :host_meta)
  935.     get("/webfinger", WebFinger.WebFingerController, :webfinger)
  936.     get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
  937.   end
  939.   scope "/nodeinfo", Pleroma.Web do
  940.     get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
  941.   end
  943.   scope "/", Pleroma.Web do
  944.     pipe_through(:api)
  946.     get("/manifest.json", ManifestController, :show)
  947.   end
  949.   scope "/", Pleroma.Web do
  950.     pipe_through(:pleroma_html)
  952.     post("/auth/password", TwitterAPI.PasswordController, :request)
  953.   end
  955.   scope "/proxy/", Pleroma.Web do
  956.     get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
  957.     get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
  958.     get("/:sig/:url", MediaProxy.MediaProxyController, :remote)
  959.     get("/:sig/:url/:filename", MediaProxy.MediaProxyController, :remote)
  960.   end
  962.   if Pleroma.Config.get(:env) == :dev do
  963.     scope "/dev" do
  964.       pipe_through([:mailbox_preview])
  966.       forward("/mailbox", Plug.Swoosh.MailboxPreview, base_path: "/dev/mailbox")
  967.     end
  968.   end
  970.   scope "/" do
  971.     pipe_through([:pleroma_html, :authenticate, :require_admin])
  972.     live_dashboard("/phoenix/live_dashboard")
  973.   end
  975.   # Test-only routes needed to test action dispatching and plug chain execution
  976.   if Pleroma.Config.get(:env) == :test do
  977.     @test_actions [
  978.       :do_oauth_check,
  979.       :fallback_oauth_check,
  980.       :skip_oauth_check,
  981.       :fallback_oauth_skip_publicity_check,
  982.       :skip_oauth_skip_publicity_check,
  983.       :missing_oauth_check_definition
  984.     ]
  986.     scope "/test/api", Pleroma.Tests do
  987.       pipe_through(:api)
  989.       for action <- @test_actions do
  990.         get("/#{action}", AuthTestController, action)
  991.       end
  992.     end
  994.     scope "/test/authenticated_api", Pleroma.Tests do
  995.       pipe_through(:authenticated_api)
  997.       for action <- @test_actions do
  998.         get("/#{action}", AuthTestController, action)
  999.       end
  1000.     end
  1001.   end
  1003.   scope "/", Pleroma.Web.MongooseIM do
  1004.     get("/user_exists", MongooseIMController, :user_exists)
  1005.     get("/check_password", MongooseIMController, :check_password)
  1006.   end
  1008.   scope "/", Pleroma.Web.Fallback do
  1009.     get("/registration/:token", RedirectController, :registration_page)
  1010.     get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta)
  1011.     match(:*, "/api/pleroma/*path", LegacyPleromaApiRerouterPlug, [])
  1012.     get("/api/*path", RedirectController, :api_not_implemented)
  1013.     get("/*path", RedirectController, :redirector_with_preload)
  1015.     options("/*path", RedirectController, :empty)
  1016.   end
  1018.   def get_api_routes do
  1019.     Phoenix.Router.routes(__MODULE__)
  1020.     |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)
  1021.     |> Enum.map(fn r ->
  1022.       r.path
  1023.       |> String.split("/", trim: true)
  1024.       |> List.first()
  1025.     end)
  1026.     |> Enum.uniq()
  1027.   end
  1028. end