git.squeep.com Git - akkoma/blob - lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   6   use Pleroma.Web, :controller
   7
   8   require Logger
   9
  10   alias Pleroma.Plugs.OAuthScopesPlug
  11   @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
  12
  13   # Note: :index action handles attempt of unauthenticated access to private instance with redirect
  14   plug(
  15     OAuthScopesPlug,
  16     Map.merge(@unauthenticated_access, %{scopes: ["read"], skip_instance_privacy_check: true})
  17     when action == :index
  18   )
  19
  20   plug(
  21     OAuthScopesPlug,
  22     %{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
  23   )
  24
  25   plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
  26
  27   plug(
  28     OAuthScopesPlug,
  29     %{@unauthenticated_access | scopes: ["read:statuses"]} when action == :get_poll
  30   )
  31
  32   plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :poll_vote)
  33
  34   plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
  35
  36   plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
  37
  38   plug(
  39     OAuthScopesPlug,
  40     %{scopes: ["follow", "read:blocks"]} when action == :blocks
  41   )
  42
  43   # To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
  44   plug(
  45     OAuthScopesPlug,
  46     %{scopes: ["follow", "write:follows"]} when action == :follows
  47   )
  48
  49   plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
  50
  51   # Note: scope not present in Mastodon: read:bookmarks
  52   plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
  53
  54   # An extra safety measure for possible actions not guarded by OAuth permissions specification
  55   plug(
  56     Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
  57     when action not in [
  58            :create_app,
  59            :index,
  60            :login,
  61            :logout,
  62            :password_reset,
  63            :masto_instance,
  64            :peers,
  65            :custom_emojis
  66          ]
  67   )
  68
  69   plug(RateLimiter, :password_reset when action == :password_reset)
  70
  71   @local_mastodon_name "Mastodon-Local"
  72
  73   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
  74
  75   # Stubs for unimplemented mastodon api
  76   #
  77   def empty_array(conn, _) do
  78     Logger.debug("Unimplemented, returning an empty array")
  79     json(conn, [])
  80   end
  81
  82   def empty_object(conn, _) do
  83     Logger.debug("Unimplemented, returning an empty object")
  84     json(conn, %{})
  85   end
  86 end