1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountController do
6 use Pleroma.Web, :controller
8 import Pleroma.Web.ControllerHelper,
12 assign_account_by_id: 2,
13 embed_relationships?: 1,
17 alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
18 alias Pleroma.Plugs.OAuthScopesPlug
19 alias Pleroma.Plugs.RateLimiter
21 alias Pleroma.Web.ActivityPub.ActivityPub
22 alias Pleroma.Web.CommonAPI
23 alias Pleroma.Web.MastodonAPI.ListView
24 alias Pleroma.Web.MastodonAPI.MastodonAPI
25 alias Pleroma.Web.MastodonAPI.MastodonAPIController
26 alias Pleroma.Web.MastodonAPI.StatusView
27 alias Pleroma.Web.OAuth.Token
28 alias Pleroma.Web.TwitterAPI.TwitterAPI
30 plug(Pleroma.Web.ApiSpec.CastAndValidate)
32 plug(:skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :create)
34 plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:show, :statuses])
38 %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
39 when action in [:show, :followers, :following]
44 %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
45 when action == :statuses
50 %{scopes: ["read:accounts"]}
51 when action in [:verify_credentials, :endorsements, :identity_proofs]
54 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :update_credentials)
56 plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
60 %{scopes: ["follow", "read:blocks"]} when action == :blocks
65 %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
68 plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
72 %{scopes: ["follow", "write:follows"]} when action in [:follow_by_uri, :follow, :unfollow]
75 plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
77 plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
79 @relationship_actions [:follow, :unfollow]
80 @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
84 [name: :relation_id_action, params: ["id", "uri"]] when action in @relationship_actions
87 plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
88 plug(RateLimiter, [name: :app_account_creation] when action == :create)
89 plug(:assign_account_by_id when action in @needs_account)
91 action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
93 defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation
95 @doc "POST /api/v1/accounts"
96 def create(%{assigns: %{app: app}, body_params: params} = conn, _params) do
97 with :ok <- validate_email_param(params),
98 :ok <- TwitterAPI.validate_captcha(app, params),
99 {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
100 {:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
102 token_type: "Bearer",
103 access_token: token.token,
105 created_at: Token.Utils.format_created_at(token)
108 {:error, error} -> json_response(conn, :bad_request, %{error: error})
112 def create(%{assigns: %{app: _app}} = conn, _) do
113 render_error(conn, :bad_request, "Missing parameters")
116 def create(conn, _) do
117 render_error(conn, :forbidden, "Invalid credentials")
120 defp validate_email_param(%{email: email}) when not is_nil(email), do: :ok
122 defp validate_email_param(_) do
123 case Pleroma.Config.get([:instance, :account_activation_required]) do
124 true -> {:error, dgettext("errors", "Missing parameter: %{name}", name: "email")}
129 @doc "GET /api/v1/accounts/verify_credentials"
130 def verify_credentials(%{assigns: %{user: user}} = conn, _) do
131 chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
133 render(conn, "show.json",
136 with_pleroma_settings: true,
137 with_chat_token: chat_token
141 @doc "PATCH /api/v1/accounts/update_credentials"
142 def update_credentials(%{assigns: %{user: original_user}, body_params: params} = conn, _params) do
147 |> Enum.filter(fn {_, value} -> not is_nil(value) end)
154 :hide_followers_count,
160 :skip_thread_containment,
161 :allow_following_move,
164 |> Enum.reduce(%{}, fn key, acc ->
165 add_if_present(acc, params, key, key, &{:ok, truthy_param?(&1)})
167 |> add_if_present(params, :display_name, :name)
168 |> add_if_present(params, :note, :bio)
169 |> add_if_present(params, :avatar, :avatar)
170 |> add_if_present(params, :header, :banner)
171 |> add_if_present(params, :pleroma_background_image, :background)
176 &{:ok, normalize_fields_attributes(&1)}
178 |> add_if_present(params, :pleroma_settings_store, :pleroma_settings_store)
179 |> add_if_present(params, :default_scope, :default_scope)
180 |> add_if_present(params, :actor_type, :actor_type)
182 changeset = User.update_changeset(user, user_params)
184 with {:ok, user} <- User.update_and_set_cache(changeset) do
185 render(conn, "show.json", user: user, for: user, with_pleroma_settings: true)
187 _e -> render_error(conn, :forbidden, "Invalid request")
191 defp add_if_present(map, params, params_field, map_field, value_function \\ &{:ok, &1}) do
192 with true <- Map.has_key?(params, params_field),
193 {:ok, new_value} <- value_function.(Map.get(params, params_field)) do
194 Map.put(map, map_field, new_value)
200 defp normalize_fields_attributes(fields) do
201 if Enum.all?(fields, &is_tuple/1) do
202 Enum.map(fields, fn {_, v} -> v end)
205 %{} = field -> %{"name" => field.name, "value" => field.value}
211 @doc "GET /api/v1/accounts/relationships"
212 def relationships(%{assigns: %{user: user}} = conn, %{id: id}) do
213 targets = User.get_all_by_ids(List.wrap(id))
215 render(conn, "relationships.json", user: user, targets: targets)
218 # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
219 def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
221 @doc "GET /api/v1/accounts/:id"
222 def show(%{assigns: %{user: for_user}} = conn, %{id: nickname_or_id}) do
223 with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
224 true <- User.visible_for?(user, for_user) do
225 render(conn, "show.json", user: user, for: for_user)
227 _e -> render_error(conn, :not_found, "Can't find user")
231 @doc "GET /api/v1/accounts/:id/statuses"
232 def statuses(%{assigns: %{user: reading_user}} = conn, params) do
233 with %User{} = user <- User.get_cached_by_nickname_or_id(params.id, for: reading_user),
234 true <- User.visible_for?(user, reading_user) do
237 |> Map.delete(:tagged)
238 |> Enum.filter(&(not is_nil(&1)))
239 |> Map.new(fn {key, value} -> {to_string(key), value} end)
240 |> Map.put("tag", params[:tagged])
242 activities = ActivityPub.fetch_user_activities(user, reading_user, params)
245 |> add_link_headers(activities)
246 |> put_view(StatusView)
247 |> render("index.json",
248 activities: activities,
253 _e -> render_error(conn, :not_found, "Can't find user")
257 @doc "GET /api/v1/accounts/:id/followers"
258 def followers(%{assigns: %{user: for_user, account: user}} = conn, params) do
261 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
266 for_user && user.id == for_user.id -> MastodonAPI.get_followers(user, params)
267 user.hide_followers -> []
268 true -> MastodonAPI.get_followers(user, params)
272 |> add_link_headers(followers)
273 # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
274 |> render("index.json",
278 embed_relationships: embed_relationships?(params)
282 @doc "GET /api/v1/accounts/:id/following"
283 def following(%{assigns: %{user: for_user, account: user}} = conn, params) do
286 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
291 for_user && user.id == for_user.id -> MastodonAPI.get_friends(user, params)
292 user.hide_follows -> []
293 true -> MastodonAPI.get_friends(user, params)
297 |> add_link_headers(followers)
298 # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
299 |> render("index.json",
303 embed_relationships: embed_relationships?(params)
307 @doc "GET /api/v1/accounts/:id/lists"
308 def lists(%{assigns: %{user: user, account: account}} = conn, _params) do
309 lists = Pleroma.List.get_lists_account_belongs(user, account)
312 |> put_view(ListView)
313 |> render("index.json", lists: lists)
316 @doc "POST /api/v1/accounts/:id/follow"
317 def follow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
318 {:error, "Can not follow yourself"}
321 def follow(%{assigns: %{user: follower, account: followed}} = conn, params) do
322 with {:ok, follower} <- MastodonAPI.follow(follower, followed, params) do
323 render(conn, "relationship.json", user: follower, target: followed)
325 {:error, message} -> json_response(conn, :forbidden, %{error: message})
329 @doc "POST /api/v1/accounts/:id/unfollow"
330 def unfollow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
331 {:error, "Can not unfollow yourself"}
334 def unfollow(%{assigns: %{user: follower, account: followed}} = conn, _params) do
335 with {:ok, follower} <- CommonAPI.unfollow(follower, followed) do
336 render(conn, "relationship.json", user: follower, target: followed)
340 @doc "POST /api/v1/accounts/:id/mute"
341 def mute(%{assigns: %{user: muter, account: muted}, body_params: params} = conn, _params) do
342 with {:ok, _user_relationships} <- User.mute(muter, muted, params.notifications) do
343 render(conn, "relationship.json", user: muter, target: muted)
345 {:error, message} -> json_response(conn, :forbidden, %{error: message})
349 @doc "POST /api/v1/accounts/:id/unmute"
350 def unmute(%{assigns: %{user: muter, account: muted}} = conn, _params) do
351 with {:ok, _user_relationships} <- User.unmute(muter, muted) do
352 render(conn, "relationship.json", user: muter, target: muted)
354 {:error, message} -> json_response(conn, :forbidden, %{error: message})
358 @doc "POST /api/v1/accounts/:id/block"
359 def block(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
360 with {:ok, _user_block} <- User.block(blocker, blocked),
361 {:ok, _activity} <- ActivityPub.block(blocker, blocked) do
362 render(conn, "relationship.json", user: blocker, target: blocked)
364 {:error, message} -> json_response(conn, :forbidden, %{error: message})
368 @doc "POST /api/v1/accounts/:id/unblock"
369 def unblock(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
370 with {:ok, _activity} <- CommonAPI.unblock(blocker, blocked) do
371 render(conn, "relationship.json", user: blocker, target: blocked)
373 {:error, message} -> json_response(conn, :forbidden, %{error: message})
377 @doc "POST /api/v1/follows"
378 def follow_by_uri(%{body_params: %{uri: uri}} = conn, _) do
379 case User.get_cached_by_nickname(uri) do
382 |> assign(:account, user)
390 @doc "GET /api/v1/mutes"
391 def mutes(%{assigns: %{user: user}} = conn, _) do
392 users = User.muted_users(user, _restrict_deactivated = true)
393 render(conn, "index.json", users: users, for: user, as: :user)
396 @doc "GET /api/v1/blocks"
397 def blocks(%{assigns: %{user: user}} = conn, _) do
398 users = User.blocked_users(user, _restrict_deactivated = true)
399 render(conn, "index.json", users: users, for: user, as: :user)
402 @doc "GET /api/v1/endorsements"
403 def endorsements(conn, params), do: MastodonAPIController.empty_array(conn, params)
405 @doc "GET /api/v1/identity_proofs"
406 def identity_proofs(conn, params), do: MastodonAPIController.empty_array(conn, params)