git.squeep.com Git - akkoma/blob - lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.TimelineController do
   6   use Pleroma.Web, :controller
   7
   8   import Pleroma.Web.ControllerHelper,
   9     only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1]
  10
  11   alias Pleroma.Pagination
  12   alias Pleroma.Plugs.OAuthScopesPlug
  13   alias Pleroma.Plugs.RateLimiter
  14   alias Pleroma.User
  15   alias Pleroma.Web.ActivityPub.ActivityPub
  16
  17   # TODO: Replace with a macro when there is a Phoenix release with
  18   # https://github.com/phoenixframework/phoenix/commit/2e8c63c01fec4dde5467dbbbf9705ff9e780735e
  19   # in it
  20
  21   plug(RateLimiter, [name: :timeline, bucket_name: :direct_timeline] when action == :direct)
  22   plug(RateLimiter, [name: :timeline, bucket_name: :public_timeline] when action == :public)
  23   plug(RateLimiter, [name: :timeline, bucket_name: :home_timeline] when action == :home)
  24   plug(RateLimiter, [name: :timeline, bucket_name: :hashtag_timeline] when action == :hashtag)
  25   plug(RateLimiter, [name: :timeline, bucket_name: :list_timeline] when action == :list)
  26
  27   plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
  28   plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
  29
  30   plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
  31
  32   plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
  33
  34   # GET /api/v1/timelines/home
  35   def home(%{assigns: %{user: user}} = conn, params) do
  36     params =
  37       params
  38       |> Map.put("type", ["Create", "Announce"])
  39       |> Map.put("blocking_user", user)
  40       |> Map.put("muting_user", user)
  41       |> Map.put("user", user)
  42
  43     activities =
  44       [user.ap_id | User.following(user)]
  45       |> ActivityPub.fetch_activities(params)
  46       |> Enum.reverse()
  47
  48     conn
  49     |> add_link_headers(activities)
  50     |> render("index.json", activities: activities, for: user, as: :activity)
  51   end
  52
  53   # GET /api/v1/timelines/direct
  54   def direct(%{assigns: %{user: user}} = conn, params) do
  55     params =
  56       params
  57       |> Map.put("type", "Create")
  58       |> Map.put("blocking_user", user)
  59       |> Map.put("user", user)
  60       |> Map.put(:visibility, "direct")
  61
  62     activities =
  63       [user.ap_id]
  64       |> ActivityPub.fetch_activities_query(params)
  65       |> Pagination.fetch_paginated(params)
  66
  67     conn
  68     |> add_link_headers(activities)
  69     |> render("index.json", activities: activities, for: user, as: :activity)
  70   end
  71
  72   # GET /api/v1/timelines/public
  73   def public(%{assigns: %{user: user}} = conn, params) do
  74     local_only = truthy_param?(params["local"])
  75
  76     activities =
  77       params
  78       |> Map.put("type", ["Create", "Announce"])
  79       |> Map.put("local_only", local_only)
  80       |> Map.put("blocking_user", user)
  81       |> Map.put("muting_user", user)
  82       |> ActivityPub.fetch_public_activities()
  83
  84     conn
  85     |> add_link_headers(activities, %{"local" => local_only})
  86     |> render("index.json", activities: activities, for: user, as: :activity)
  87   end
  88
  89   def hashtag_fetching(params, user, local_only) do
  90     tags =
  91       [params["tag"], params["any"]]
  92       |> List.flatten()
  93       |> Enum.uniq()
  94       |> Enum.filter(& &1)
  95       |> Enum.map(&String.downcase(&1))
  96
  97     tag_all =
  98       params
  99       |> Map.get("all", [])
 100       |> Enum.map(&String.downcase(&1))
 101
 102     tag_reject =
 103       params
 104       |> Map.get("none", [])
 105       |> Enum.map(&String.downcase(&1))
 106
 107     _activities =
 108       params
 109       |> Map.put("type", "Create")
 110       |> Map.put("local_only", local_only)
 111       |> Map.put("blocking_user", user)
 112       |> Map.put("muting_user", user)
 113       |> Map.put("user", user)
 114       |> Map.put("tag", tags)
 115       |> Map.put("tag_all", tag_all)
 116       |> Map.put("tag_reject", tag_reject)
 117       |> ActivityPub.fetch_public_activities()
 118   end
 119
 120   # GET /api/v1/timelines/tag/:tag
 121   def hashtag(%{assigns: %{user: user}} = conn, params) do
 122     local_only = truthy_param?(params["local"])
 123
 124     activities = hashtag_fetching(params, user, local_only)
 125
 126     conn
 127     |> add_link_headers(activities, %{"local" => local_only})
 128     |> render("index.json", activities: activities, for: user, as: :activity)
 129   end
 130
 131   # GET /api/v1/timelines/list/:list_id
 132   def list(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do
 133     with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do
 134       params =
 135         params
 136         |> Map.put("type", "Create")
 137         |> Map.put("blocking_user", user)
 138         |> Map.put("user", user)
 139         |> Map.put("muting_user", user)
 140
 141       # we must filter the following list for the user to avoid leaking statuses the user
 142       # does not actually have permission to see (for more info, peruse security issue #270).
 143
 144       user_following = User.following(user)
 145
 146       activities =
 147         following
 148         |> Enum.filter(fn x -> x in user_following end)
 149         |> ActivityPub.fetch_activities_bounded(following, params)
 150         |> Enum.reverse()
 151
 152       render(conn, "index.json", activities: activities, for: user, as: :activity)
 153     else
 154       _e -> render_error(conn, :forbidden, "Error.")
 155     end
 156   end
 157 end