1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
6 use Pleroma.Web, :controller
11 alias Pleroma.Notification
17 alias Pleroma.Web.ActivityPub.ActivityPub
18 alias Pleroma.Web.ActivityPub.Visibility
19 alias Pleroma.Web.CommonAPI
20 alias Pleroma.Web.MastodonAPI.AccountView
21 alias Pleroma.Web.MastodonAPI.AppView
22 alias Pleroma.Web.MastodonAPI.FilterView
23 alias Pleroma.Web.MastodonAPI.ListView
24 alias Pleroma.Web.MastodonAPI.MastodonAPI
25 alias Pleroma.Web.MastodonAPI.MastodonView
26 alias Pleroma.Web.MastodonAPI.NotificationView
27 alias Pleroma.Web.MastodonAPI.ReportView
28 alias Pleroma.Web.MastodonAPI.StatusView
29 alias Pleroma.Web.MediaProxy
30 alias Pleroma.Web.OAuth.App
31 alias Pleroma.Web.OAuth.Authorization
32 alias Pleroma.Web.OAuth.Token
34 import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
39 @httpoison Application.get_env(:pleroma, :httpoison)
40 @local_mastodon_name "Mastodon-Local"
42 action_fallback(:errors)
44 def create_app(conn, params) do
45 scopes = oauth_scopes(params, ["read"])
49 |> Map.drop(["scope", "scopes"])
50 |> Map.put("scopes", scopes)
52 with cs <- App.register_changeset(%App{}, app_attrs),
53 false <- cs.changes[:client_name] == @local_mastodon_name,
54 {:ok, app} <- Repo.insert(cs) do
57 |> render("show.json", %{app: app})
66 value_function \\ fn x -> {:ok, x} end
68 if Map.has_key?(params, params_field) do
69 case value_function.(params[params_field]) do
70 {:ok, new_value} -> Map.put(map, map_field, new_value)
78 def update_credentials(%{assigns: %{user: user}} = conn, params) do
83 |> add_if_present(params, "display_name", :name)
84 |> add_if_present(params, "note", :bio, fn value -> {:ok, User.parse_bio(value)} end)
85 |> add_if_present(params, "avatar", :avatar, fn value ->
86 with %Plug.Upload{} <- value,
87 {:ok, object} <- ActivityPub.upload(value, type: :avatar) do
96 |> add_if_present(params, "locked", :locked, fn value -> {:ok, value == "true"} end)
97 |> add_if_present(params, "header", :banner, fn value ->
98 with %Plug.Upload{} <- value,
99 {:ok, object} <- ActivityPub.upload(value, type: :banner) do
106 info_cng = User.Info.mastodon_profile_update(user.info, info_params)
108 with changeset <- User.update_changeset(user, user_params),
109 changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
110 {:ok, user} <- User.update_and_set_cache(changeset) do
111 if original_user != user do
112 CommonAPI.update(user)
115 json(conn, AccountView.render("account.json", %{user: user, for: user}))
120 |> json(%{error: "Invalid request"})
124 def verify_credentials(%{assigns: %{user: user}} = conn, _) do
125 account = AccountView.render("account.json", %{user: user, for: user})
129 def verify_app_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do
130 with %Token{app: %App{} = app} <- Repo.preload(token, :app) do
133 |> render("short.json", %{app: app})
137 def user(%{assigns: %{user: for_user}} = conn, %{"id" => nickname_or_id}) do
138 with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id),
139 true <- User.auth_active?(user) || user.id == for_user.id || User.superuser?(for_user) do
140 account = AccountView.render("account.json", %{user: user, for: for_user})
146 |> json(%{error: "Can't find user"})
150 @mastodon_api_level "2.5.0"
152 def masto_instance(conn, _params) do
153 instance = Config.get(:instance)
157 title: Keyword.get(instance, :name),
158 description: Keyword.get(instance, :description),
159 version: "#{@mastodon_api_level} (compatible; #{Pleroma.Application.named_version()})",
160 email: Keyword.get(instance, :email),
162 streaming_api: Pleroma.Web.Endpoint.websocket_url()
164 stats: Stats.get_stats(),
165 thumbnail: Web.base_url() <> "/instance/thumbnail.jpeg",
167 registrations: Pleroma.Config.get([:instance, :registrations_open]),
168 # Extra (not present in Mastodon):
169 max_toot_chars: Keyword.get(instance, :limit)
175 def peers(conn, _params) do
176 json(conn, Stats.get_peers())
179 defp mastodonized_emoji do
180 Pleroma.Emoji.get_all()
181 |> Enum.map(fn {shortcode, relative_url} ->
182 url = to_string(URI.merge(Web.base_url(), relative_url))
185 "shortcode" => shortcode,
187 "visible_in_picker" => true,
193 def custom_emojis(conn, _params) do
194 mastodon_emoji = mastodonized_emoji()
195 json(conn, mastodon_emoji)
198 defp add_link_headers(conn, method, activities, param \\ nil, params \\ %{}) do
201 |> Map.drop(["since_id", "max_id"])
204 last = List.last(activities)
205 first = List.first(activities)
211 {next_url, prev_url} =
215 Pleroma.Web.Endpoint,
218 Map.merge(params, %{max_id: min})
221 Pleroma.Web.Endpoint,
224 Map.merge(params, %{since_id: max})
230 Pleroma.Web.Endpoint,
232 Map.merge(params, %{max_id: min})
235 Pleroma.Web.Endpoint,
237 Map.merge(params, %{since_id: max})
243 |> put_resp_header("link", "<#{next_url}>; rel=\"next\", <#{prev_url}>; rel=\"prev\"")
249 def home_timeline(%{assigns: %{user: user}} = conn, params) do
252 |> Map.put("type", ["Create", "Announce"])
253 |> Map.put("blocking_user", user)
254 |> Map.put("muting_user", user)
255 |> Map.put("user", user)
258 [user.ap_id | user.following]
259 |> ActivityPub.fetch_activities(params)
260 |> ActivityPub.contain_timeline(user)
264 |> add_link_headers(:home_timeline, activities)
265 |> put_view(StatusView)
266 |> render("index.json", %{activities: activities, for: user, as: :activity})
269 def public_timeline(%{assigns: %{user: user}} = conn, params) do
270 local_only = params["local"] in [true, "True", "true", "1"]
274 |> Map.put("type", ["Create", "Announce"])
275 |> Map.put("local_only", local_only)
276 |> Map.put("blocking_user", user)
277 |> Map.put("muting_user", user)
278 |> ActivityPub.fetch_public_activities()
282 |> add_link_headers(:public_timeline, activities, false, %{"local" => local_only})
283 |> put_view(StatusView)
284 |> render("index.json", %{activities: activities, for: user, as: :activity})
287 def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do
288 with %User{} = user <- User.get_by_id(params["id"]) do
289 activities = ActivityPub.fetch_user_activities(user, reading_user, params)
292 |> add_link_headers(:user_statuses, activities, params["id"])
293 |> put_view(StatusView)
294 |> render("index.json", %{
295 activities: activities,
302 def dm_timeline(%{assigns: %{user: user}} = conn, params) do
305 |> Map.put("type", "Create")
306 |> Map.put("blocking_user", user)
307 |> Map.put("user", user)
308 |> Map.put(:visibility, "direct")
312 |> ActivityPub.fetch_activities_query(params)
316 |> add_link_headers(:dm_timeline, activities)
317 |> put_view(StatusView)
318 |> render("index.json", %{activities: activities, for: user, as: :activity})
321 def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
322 with %Activity{} = activity <- Activity.get_by_id(id),
323 true <- Visibility.visible_for_user?(activity, user) do
325 |> put_view(StatusView)
326 |> try_render("status.json", %{activity: activity, for: user})
330 def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do
331 with %Activity{} = activity <- Activity.get_by_id(id),
333 ActivityPub.fetch_activities_for_context(activity.data["context"], %{
334 "blocking_user" => user,
338 activities |> Enum.filter(fn %{id: aid} -> to_string(aid) != to_string(id) end),
340 activities |> Enum.filter(fn %{data: %{"type" => type}} -> type == "Create" end),
341 grouped_activities <- Enum.group_by(activities, fn %{id: id} -> id < activity.id end) do
347 activities: grouped_activities[true] || [],
351 # credo:disable-for-previous-line Credo.Check.Refactor.PipeChainStart
356 activities: grouped_activities[false] || [],
360 # credo:disable-for-previous-line Credo.Check.Refactor.PipeChainStart
367 def post_status(conn, %{"status" => "", "media_ids" => media_ids} = params)
368 when length(media_ids) > 0 do
371 |> Map.put("status", ".")
373 post_status(conn, params)
376 def post_status(%{assigns: %{user: user}} = conn, %{"status" => _} = params) do
379 |> Map.put("in_reply_to_status_id", params["in_reply_to_id"])
382 case get_req_header(conn, "idempotency-key") do
384 _ -> Ecto.UUID.generate()
388 Cachex.fetch!(:idempotency_cache, idempotency_key, fn _ -> CommonAPI.post(user, params) end)
391 |> put_view(StatusView)
392 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
395 def delete_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
396 with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
402 |> json(%{error: "Can't delete this post"})
406 def reblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
407 with {:ok, announce, _activity} <- CommonAPI.repeat(ap_id_or_id, user) do
409 |> put_view(StatusView)
410 |> try_render("status.json", %{activity: announce, for: user, as: :activity})
414 def unreblog_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
415 with {:ok, _unannounce, %{data: %{"id" => id}}} <- CommonAPI.unrepeat(ap_id_or_id, user),
416 %Activity{} = activity <- Activity.get_create_by_object_ap_id(id) do
418 |> put_view(StatusView)
419 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
423 def fav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
424 with {:ok, _fav, %{data: %{"id" => id}}} <- CommonAPI.favorite(ap_id_or_id, user),
425 %Activity{} = activity <- Activity.get_create_by_object_ap_id(id) do
427 |> put_view(StatusView)
428 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
432 def unfav_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
433 with {:ok, _, _, %{data: %{"id" => id}}} <- CommonAPI.unfavorite(ap_id_or_id, user),
434 %Activity{} = activity <- Activity.get_create_by_object_ap_id(id) do
436 |> put_view(StatusView)
437 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
441 def pin_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
442 with {:ok, activity} <- CommonAPI.pin(ap_id_or_id, user) do
444 |> put_view(StatusView)
445 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
449 |> put_resp_content_type("application/json")
450 |> send_resp(:bad_request, Jason.encode!(%{"error" => reason}))
454 def unpin_status(%{assigns: %{user: user}} = conn, %{"id" => ap_id_or_id}) do
455 with {:ok, activity} <- CommonAPI.unpin(ap_id_or_id, user) do
457 |> put_view(StatusView)
458 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
462 def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
463 with %Activity{} = activity <- Activity.get_by_id(id),
464 %User{} = user <- User.get_by_nickname(user.nickname),
465 true <- Visibility.visible_for_user?(activity, user),
466 {:ok, user} <- User.bookmark(user, activity.data["object"]["id"]) do
468 |> put_view(StatusView)
469 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
473 def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
474 with %Activity{} = activity <- Activity.get_by_id(id),
475 %User{} = user <- User.get_by_nickname(user.nickname),
476 true <- Visibility.visible_for_user?(activity, user),
477 {:ok, user} <- User.unbookmark(user, activity.data["object"]["id"]) do
479 |> put_view(StatusView)
480 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
484 def mute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
485 activity = Activity.get_by_id(id)
487 with {:ok, activity} <- CommonAPI.add_mute(user, activity) do
489 |> put_view(StatusView)
490 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
494 |> put_resp_content_type("application/json")
495 |> send_resp(:bad_request, Jason.encode!(%{"error" => reason}))
499 def unmute_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
500 activity = Activity.get_by_id(id)
502 with {:ok, activity} <- CommonAPI.remove_mute(user, activity) do
504 |> put_view(StatusView)
505 |> try_render("status.json", %{activity: activity, for: user, as: :activity})
509 def notifications(%{assigns: %{user: user}} = conn, params) do
510 notifications = MastodonAPI.get_notifications(user, params)
513 |> add_link_headers(:notifications, notifications)
514 |> put_view(NotificationView)
515 |> render("index.json", %{notifications: notifications, for: user})
518 def get_notification(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
519 with {:ok, notification} <- Notification.get(user, id) do
521 |> put_view(NotificationView)
522 |> render("show.json", %{notification: notification, for: user})
526 |> put_resp_content_type("application/json")
527 |> send_resp(403, Jason.encode!(%{"error" => reason}))
531 def clear_notifications(%{assigns: %{user: user}} = conn, _params) do
532 Notification.clear(user)
536 def dismiss_notification(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
537 with {:ok, _notif} <- Notification.dismiss(user, id) do
542 |> put_resp_content_type("application/json")
543 |> send_resp(403, Jason.encode!(%{"error" => reason}))
547 def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
549 q = from(u in User, where: u.id in ^id)
550 targets = Repo.all(q)
553 |> put_view(AccountView)
554 |> render("relationships.json", %{user: user, targets: targets})
557 # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
558 def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
560 def update_media(%{assigns: %{user: user}} = conn, data) do
561 with %Object{} = object <- Repo.get(Object, data["id"]),
562 true <- Object.authorize_mutation(object, user),
563 true <- is_binary(data["description"]),
564 description <- data["description"] do
565 new_data = %{object.data | "name" => description}
569 |> Object.change(%{data: new_data})
572 attachment_data = Map.put(new_data, "id", object.id)
575 |> put_view(StatusView)
576 |> render("attachment.json", %{attachment: attachment_data})
580 def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
581 with {:ok, object} <-
584 actor: User.ap_id(user),
585 description: Map.get(data, "description")
587 attachment_data = Map.put(object.data, "id", object.id)
590 |> put_view(StatusView)
591 |> render("attachment.json", %{attachment: attachment_data})
595 def favourited_by(conn, %{"id" => id}) do
596 with %Activity{data: %{"object" => %{"likes" => likes}}} <- Activity.get_by_id(id) do
597 q = from(u in User, where: u.ap_id in ^likes)
601 |> put_view(AccountView)
602 |> render(AccountView, "accounts.json", %{users: users, as: :user})
608 def reblogged_by(conn, %{"id" => id}) do
609 with %Activity{data: %{"object" => %{"announcements" => announces}}} <- Activity.get_by_id(id) do
610 q = from(u in User, where: u.ap_id in ^announces)
614 |> put_view(AccountView)
615 |> render("accounts.json", %{users: users, as: :user})
621 def hashtag_timeline(%{assigns: %{user: user}} = conn, params) do
622 local_only = params["local"] in [true, "True", "true", "1"]
625 [params["tag"], params["any"]]
629 |> Enum.map(&String.downcase(&1))
634 |> Enum.map(&String.downcase(&1))
639 |> Enum.map(&String.downcase(&1))
643 |> Map.put("type", "Create")
644 |> Map.put("local_only", local_only)
645 |> Map.put("blocking_user", user)
646 |> Map.put("muting_user", user)
647 |> Map.put("tag", tags)
648 |> Map.put("tag_all", tag_all)
649 |> Map.put("tag_reject", tag_reject)
650 |> ActivityPub.fetch_public_activities()
654 |> add_link_headers(:hashtag_timeline, activities, params["tag"], %{"local" => local_only})
655 |> put_view(StatusView)
656 |> render("index.json", %{activities: activities, for: user, as: :activity})
659 def followers(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do
660 with %User{} = user <- User.get_by_id(id),
661 followers <- MastodonAPI.get_followers(user, params) do
664 for_user && user.id == for_user.id -> followers
665 user.info.hide_followers -> []
670 |> add_link_headers(:followers, followers, user)
671 |> put_view(AccountView)
672 |> render("accounts.json", %{users: followers, as: :user})
676 def following(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do
677 with %User{} = user <- User.get_by_id(id),
678 followers <- MastodonAPI.get_friends(user, params) do
681 for_user && user.id == for_user.id -> followers
682 user.info.hide_follows -> []
687 |> add_link_headers(:following, followers, user)
688 |> put_view(AccountView)
689 |> render("accounts.json", %{users: followers, as: :user})
693 def follow_requests(%{assigns: %{user: followed}} = conn, _params) do
694 with {:ok, follow_requests} <- User.get_follow_requests(followed) do
696 |> put_view(AccountView)
697 |> render("accounts.json", %{users: follow_requests, as: :user})
701 def authorize_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
702 with %User{} = follower <- User.get_by_id(id),
703 {:ok, follower} <- CommonAPI.accept_follow_request(follower, followed) do
705 |> put_view(AccountView)
706 |> render("relationship.json", %{user: followed, target: follower})
710 |> put_resp_content_type("application/json")
711 |> send_resp(403, Jason.encode!(%{"error" => message}))
715 def reject_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
716 with %User{} = follower <- User.get_by_id(id),
717 {:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do
719 |> put_view(AccountView)
720 |> render("relationship.json", %{user: followed, target: follower})
724 |> put_resp_content_type("application/json")
725 |> send_resp(403, Jason.encode!(%{"error" => message}))
729 def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
730 with %User{} = followed <- User.get_by_id(id),
731 false <- User.following?(follower, followed),
732 {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do
734 |> put_view(AccountView)
735 |> render("relationship.json", %{user: follower, target: followed})
738 followed = User.get_cached_by_id(id)
741 case conn.params["reblogs"] do
742 true -> CommonAPI.show_reblogs(follower, followed)
743 false -> CommonAPI.hide_reblogs(follower, followed)
747 |> put_view(AccountView)
748 |> render("relationship.json", %{user: follower, target: followed})
752 |> put_resp_content_type("application/json")
753 |> send_resp(403, Jason.encode!(%{"error" => message}))
757 def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do
758 with %User{} = followed <- User.get_by_nickname(uri),
759 {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do
761 |> put_view(AccountView)
762 |> render("account.json", %{user: followed, for: follower})
766 |> put_resp_content_type("application/json")
767 |> send_resp(403, Jason.encode!(%{"error" => message}))
771 def unfollow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
772 with %User{} = followed <- User.get_by_id(id),
773 {:ok, follower} <- CommonAPI.unfollow(follower, followed) do
775 |> put_view(AccountView)
776 |> render("relationship.json", %{user: follower, target: followed})
780 def mute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do
781 with %User{} = muted <- User.get_by_id(id),
782 {:ok, muter} <- User.mute(muter, muted) do
784 |> put_view(AccountView)
785 |> render("relationship.json", %{user: muter, target: muted})
789 |> put_resp_content_type("application/json")
790 |> send_resp(403, Jason.encode!(%{"error" => message}))
794 def unmute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do
795 with %User{} = muted <- User.get_by_id(id),
796 {:ok, muter} <- User.unmute(muter, muted) do
798 |> put_view(AccountView)
799 |> render("relationship.json", %{user: muter, target: muted})
803 |> put_resp_content_type("application/json")
804 |> send_resp(403, Jason.encode!(%{"error" => message}))
808 def mutes(%{assigns: %{user: user}} = conn, _) do
809 with muted_accounts <- User.muted_users(user) do
810 res = AccountView.render("accounts.json", users: muted_accounts, for: user, as: :user)
815 def block(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
816 with %User{} = blocked <- User.get_by_id(id),
817 {:ok, blocker} <- User.block(blocker, blocked),
818 {:ok, _activity} <- ActivityPub.block(blocker, blocked) do
820 |> put_view(AccountView)
821 |> render("relationship.json", %{user: blocker, target: blocked})
825 |> put_resp_content_type("application/json")
826 |> send_resp(403, Jason.encode!(%{"error" => message}))
830 def unblock(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
831 with %User{} = blocked <- User.get_by_id(id),
832 {:ok, blocker} <- User.unblock(blocker, blocked),
833 {:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
835 |> put_view(AccountView)
836 |> render("relationship.json", %{user: blocker, target: blocked})
840 |> put_resp_content_type("application/json")
841 |> send_resp(403, Jason.encode!(%{"error" => message}))
845 def blocks(%{assigns: %{user: user}} = conn, _) do
846 with blocked_accounts <- User.blocked_users(user) do
847 res = AccountView.render("accounts.json", users: blocked_accounts, for: user, as: :user)
852 def domain_blocks(%{assigns: %{user: %{info: info}}} = conn, _) do
853 json(conn, info.domain_blocks || [])
856 def block_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
857 User.block_domain(blocker, domain)
861 def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
862 User.unblock_domain(blocker, domain)
866 def status_search(user, query) do
868 if Regex.match?(~r/https?:/, query) do
869 with {:ok, object} <- ActivityPub.fetch_object_from_id(query),
870 %Activity{} = activity <- Activity.get_create_by_object_ap_id(object.data["id"]),
871 true <- Visibility.visible_for_user?(activity, user) do
881 where: fragment("?->>'type' = 'Create'", a.data),
882 where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
885 "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
890 order_by: [desc: :id]
893 Repo.all(q) ++ fetched
896 def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
897 accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
899 statuses = status_search(user, query)
901 tags_path = Web.base_url() <> "/tag/"
907 |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
908 |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
909 |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end)
912 "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
914 StatusView.render("index.json", activities: statuses, for: user, as: :activity),
921 def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
922 accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
924 statuses = status_search(user, query)
930 |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
931 |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
934 "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
936 StatusView.render("index.json", activities: statuses, for: user, as: :activity),
943 def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
944 accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
946 res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
951 def favourites(%{assigns: %{user: user}} = conn, params) do
954 |> Map.put("type", "Create")
955 |> Map.put("favorited_by", user.ap_id)
956 |> Map.put("blocking_user", user)
959 ActivityPub.fetch_activities([], params)
963 |> add_link_headers(:favourites, activities)
964 |> put_view(StatusView)
965 |> render("index.json", %{activities: activities, for: user, as: :activity})
968 def bookmarks(%{assigns: %{user: user}} = conn, _) do
969 user = User.get_by_id(user.id)
973 |> Enum.map(fn id -> Activity.get_create_by_object_ap_id(id) end)
977 |> put_view(StatusView)
978 |> render("index.json", %{activities: activities, for: user, as: :activity})
981 def get_lists(%{assigns: %{user: user}} = conn, opts) do
982 lists = Pleroma.List.for_user(user, opts)
983 res = ListView.render("lists.json", lists: lists)
987 def get_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
988 with %Pleroma.List{} = list <- Pleroma.List.get(id, user) do
989 res = ListView.render("list.json", list: list)
995 |> json(%{error: "Record not found"})
999 def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do
1000 lists = Pleroma.List.get_lists_account_belongs(user, account_id)
1001 res = ListView.render("lists.json", lists: lists)
1005 def delete_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
1006 with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
1007 {:ok, _list} <- Pleroma.List.delete(list) do
1015 def create_list(%{assigns: %{user: user}} = conn, %{"title" => title}) do
1016 with {:ok, %Pleroma.List{} = list} <- Pleroma.List.create(title, user) do
1017 res = ListView.render("list.json", list: list)
1022 def add_to_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
1024 |> Enum.each(fn account_id ->
1025 with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
1026 %User{} = followed <- User.get_by_id(account_id) do
1027 Pleroma.List.follow(list, followed)
1034 def remove_from_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
1036 |> Enum.each(fn account_id ->
1037 with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
1038 %User{} = followed <- Pleroma.User.get_by_id(account_id) do
1039 Pleroma.List.unfollow(list, followed)
1046 def list_accounts(%{assigns: %{user: user}} = conn, %{"id" => id}) do
1047 with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
1048 {:ok, users} = Pleroma.List.get_following(list) do
1050 |> put_view(AccountView)
1051 |> render("accounts.json", %{users: users, as: :user})
1055 def rename_list(%{assigns: %{user: user}} = conn, %{"id" => id, "title" => title}) do
1056 with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
1057 {:ok, list} <- Pleroma.List.rename(list, title) do
1058 res = ListView.render("list.json", list: list)
1066 def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do
1067 with %Pleroma.List{title: _title, following: following} <- Pleroma.List.get(id, user) do
1070 |> Map.put("type", "Create")
1071 |> Map.put("blocking_user", user)
1072 |> Map.put("muting_user", user)
1074 # we must filter the following list for the user to avoid leaking statuses the user
1075 # does not actually have permission to see (for more info, peruse security issue #270).
1078 |> Enum.filter(fn x -> x in user.following end)
1079 |> ActivityPub.fetch_activities_bounded(following, params)
1083 |> put_view(StatusView)
1084 |> render("index.json", %{activities: activities, for: user, as: :activity})
1089 |> json(%{error: "Error."})
1093 def index(%{assigns: %{user: user}} = conn, _params) do
1096 |> get_session(:oauth_token)
1099 mastodon_emoji = mastodonized_emoji()
1101 limit = Config.get([:instance, :limit])
1104 Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
1106 flavour = get_user_flavour(user)
1111 streaming_api_base_url:
1112 String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
1113 access_token: token,
1115 domain: Pleroma.Web.Endpoint.host(),
1118 unfollow_modal: false,
1121 auto_play_gif: false,
1122 display_sensitive_media: false,
1123 reduce_motion: false,
1124 max_toot_chars: limit,
1125 mascot: "/images/pleroma-fox-tan-smol.png"
1128 delete_others_notice: present?(user.info.is_moderator),
1129 admin: present?(user.info.is_admin)
1133 default_privacy: user.info.default_scope,
1134 default_sensitive: false,
1135 allow_content_types: Config.get([:instance, :allowed_post_formats])
1137 media_attachments: %{
1138 accept_content_types: [
1154 user.info.settings ||
1184 push_subscription: nil,
1186 custom_emojis: mastodon_emoji,
1192 |> put_layout(false)
1193 |> put_view(MastodonView)
1194 |> render("index.html", %{initial_state: initial_state, flavour: flavour})
1197 |> redirect(to: "/web/login")
1201 def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
1202 info_cng = User.Info.mastodon_settings_update(user.info, settings)
1204 with changeset <- Ecto.Changeset.change(user),
1205 changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
1206 {:ok, _user} <- User.update_and_set_cache(changeset) do
1211 |> put_resp_content_type("application/json")
1212 |> send_resp(500, Jason.encode!(%{"error" => inspect(e)}))
1216 @supported_flavours ["glitch", "vanilla"]
1218 def set_flavour(%{assigns: %{user: user}} = conn, %{"flavour" => flavour} = _params)
1219 when flavour in @supported_flavours do
1220 flavour_cng = User.Info.mastodon_flavour_update(user.info, flavour)
1222 with changeset <- Ecto.Changeset.change(user),
1223 changeset <- Ecto.Changeset.put_embed(changeset, :info, flavour_cng),
1224 {:ok, user} <- User.update_and_set_cache(changeset),
1225 flavour <- user.info.flavour do
1230 |> put_resp_content_type("application/json")
1231 |> send_resp(500, Jason.encode!(%{"error" => inspect(e)}))
1235 def set_flavour(conn, _params) do
1238 |> json(%{error: "Unsupported flavour"})
1241 def get_flavour(%{assigns: %{user: user}} = conn, _params) do
1242 json(conn, get_user_flavour(user))
1245 defp get_user_flavour(%User{info: %{flavour: flavour}}) when flavour in @supported_flavours do
1249 defp get_user_flavour(_) do
1253 def login(%{assigns: %{user: %User{}}} = conn, _params) do
1254 redirect(conn, to: local_mastodon_root_path(conn))
1257 @doc "Local Mastodon FE login init action"
1258 def login(conn, %{"code" => auth_token}) do
1259 with {:ok, app} <- get_or_make_app(),
1260 %Authorization{} = auth <- Repo.get_by(Authorization, token: auth_token, app_id: app.id),
1261 {:ok, token} <- Token.exchange_token(app, auth) do
1263 |> put_session(:oauth_token, token.token)
1264 |> redirect(to: local_mastodon_root_path(conn))
1268 @doc "Local Mastodon FE callback action"
1269 def login(conn, _) do
1270 with {:ok, app} <- get_or_make_app() do
1275 response_type: "code",
1276 client_id: app.client_id,
1278 scope: Enum.join(app.scopes, " ")
1282 |> redirect(to: path)
1286 defp local_mastodon_root_path(conn), do: mastodon_api_path(conn, :index, ["getting-started"])
1288 defp get_or_make_app do
1289 find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."}
1290 scopes = ["read", "write", "follow", "push"]
1292 with %App{} = app <- Repo.get_by(App, find_attrs) do
1294 if app.scopes == scopes do
1298 |> Ecto.Changeset.change(%{scopes: scopes})
1306 App.register_changeset(
1308 Map.put(find_attrs, :scopes, scopes)
1315 def logout(conn, _) do
1318 |> redirect(to: "/")
1321 def relationship_noop(%{assigns: %{user: user}} = conn, %{"id" => id}) do
1322 Logger.debug("Unimplemented, returning unmodified relationship")
1324 with %User{} = target <- User.get_by_id(id) do
1326 |> put_view(AccountView)
1327 |> render("relationship.json", %{user: user, target: target})
1331 def empty_array(conn, _) do
1332 Logger.debug("Unimplemented, returning an empty array")
1336 def empty_object(conn, _) do
1337 Logger.debug("Unimplemented, returning an empty object")
1341 def get_filters(%{assigns: %{user: user}} = conn, _) do
1342 filters = Filter.get_filters(user)
1343 res = FilterView.render("filters.json", filters: filters)
1348 %{assigns: %{user: user}} = conn,
1349 %{"phrase" => phrase, "context" => context} = params
1355 hide: Map.get(params, "irreversible", nil),
1356 whole_word: Map.get(params, "boolean", true)
1360 {:ok, response} = Filter.create(query)
1361 res = FilterView.render("filter.json", filter: response)
1365 def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do
1366 filter = Filter.get(filter_id, user)
1367 res = FilterView.render("filter.json", filter: filter)
1372 %{assigns: %{user: user}} = conn,
1373 %{"phrase" => phrase, "context" => context, "id" => filter_id} = params
1377 filter_id: filter_id,
1380 hide: Map.get(params, "irreversible", nil),
1381 whole_word: Map.get(params, "boolean", true)
1385 {:ok, response} = Filter.update(query)
1386 res = FilterView.render("filter.json", filter: response)
1390 def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do
1393 filter_id: filter_id
1396 {:ok, _} = Filter.delete(query)
1402 def errors(conn, _) do
1405 |> json("Something went wrong")
1408 def suggestions(%{assigns: %{user: user}} = conn, _) do
1409 suggestions = Config.get(:suggestions)
1411 if Keyword.get(suggestions, :enabled, false) do
1412 api = Keyword.get(suggestions, :third_party_engine, "")
1413 timeout = Keyword.get(suggestions, :timeout, 5000)
1414 limit = Keyword.get(suggestions, :limit, 23)
1416 host = Config.get([Pleroma.Web.Endpoint, :url, :host])
1418 user = user.nickname
1422 |> String.replace("{{host}}", host)
1423 |> String.replace("{{user}}", user)
1425 with {:ok, %{status: 200, body: body}} <-
1430 recv_timeout: timeout,
1434 {:ok, data} <- Jason.decode(body) do
1437 |> Enum.slice(0, limit)
1442 case User.get_or_fetch(x["acct"]) do
1449 Map.put(x, "avatar", MediaProxy.url(x["avatar"]))
1452 Map.put(x, "avatar_static", MediaProxy.url(x["avatar_static"]))
1458 e -> Logger.error("Could not retrieve suggestions at fetch #{url}, #{inspect(e)}")
1465 def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do
1466 with %Activity{} = activity <- Activity.get_by_id(status_id),
1467 true <- Visibility.visible_for_user?(activity, user) do
1471 Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
1481 def reports(%{assigns: %{user: user}} = conn, params) do
1482 case CommonAPI.report(user, params) do
1485 |> put_view(ReportView)
1486 |> try_render("report.json", %{activity: activity})
1490 |> put_status(:bad_request)
1491 |> json(%{error: err})
1495 def try_render(conn, target, params)
1496 when is_binary(target) do
1497 res = render(conn, target, params)
1502 |> json(%{error: "Can't display this activity"})
1508 def try_render(conn, _, _) do
1511 |> json(%{error: "Can't display this activity"})
1514 defp present?(nil), do: false
1515 defp present?(false), do: false
1516 defp present?(_), do: true