1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
6 use Pleroma.Web, :controller
10 alias Pleroma.Plugs.OAuthScopesPlug
11 @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
13 # Note: :index action handles attempt of unauthenticated access to private instance with redirect
16 Map.merge(@unauthenticated_access, %{scopes: ["read"], skip_instance_privacy_check: true})
22 %{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
25 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
29 %{@unauthenticated_access | scopes: ["read:statuses"]} when action == :get_poll
32 plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :poll_vote)
34 plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
36 plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
40 %{scopes: ["follow", "read:blocks"]} when action == :blocks
43 # To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
46 %{scopes: ["follow", "write:follows"]} when action == :follows
49 plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
51 # Note: scope not present in Mastodon: read:bookmarks
52 plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
54 # An extra safety measure for possible actions not guarded by OAuth permissions specification
56 Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
69 plug(RateLimiter, :password_reset when action == :password_reset)
71 @local_mastodon_name "Mastodon-Local"
73 action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
75 # Stubs for unimplemented mastodon api
77 def empty_array(conn, _) do
78 Logger.debug("Unimplemented, returning an empty array")
82 def empty_object(conn, _) do
83 Logger.debug("Unimplemented, returning an empty object")