1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.OStatus.OStatusController do
6 use Pleroma.Web, :controller
8 alias Fallback.RedirectController
12 alias Pleroma.Web.ActivityPub.ActivityPubController
13 alias Pleroma.Web.ActivityPub.ObjectView
14 alias Pleroma.Web.ActivityPub.Visibility
15 alias Pleroma.Web.Endpoint
16 alias Pleroma.Web.Federator
17 alias Pleroma.Web.Metadata.PlayerView
18 alias Pleroma.Web.OStatus.ActivityRepresenter
19 alias Pleroma.Web.Router
23 Pleroma.Plugs.RateLimiter,
24 {:ap_routes, params: ["uuid"]} when action in [:object, :activity]
27 plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])
30 Pleroma.Plugs.SetFormatPlug
31 when action in [:object, :activity, :notice]
34 action_fallback(:errors)
36 defp decode_or_retry(body) do
37 with {:ok, magic_key} <- Pleroma.Web.Salmon.fetch_magic_key(body),
38 {:ok, doc} <- Pleroma.Web.Salmon.decode_and_validate(magic_key, body) do
42 with [decoded | _] <- Pleroma.Web.Salmon.decode(body),
43 doc <- XML.parse_document(decoded),
44 uri when not is_nil(uri) <- XML.string_from_xpath("/entry/author[1]/uri", doc),
45 {:ok, _} <- Pleroma.Web.OStatus.make_user(uri, true),
46 {:ok, magic_key} <- Pleroma.Web.Salmon.fetch_magic_key(body),
47 {:ok, doc} <- Pleroma.Web.Salmon.decode_and_validate(magic_key, body) do
53 def salmon_incoming(conn, _) do
54 {:ok, body, _conn} = read_body(conn)
55 {:ok, doc} = decode_or_retry(body)
57 Federator.incoming_doc(doc)
59 send_resp(conn, 200, "")
62 def object(%{assigns: %{format: format}} = conn, %{"uuid" => _uuid})
63 when format in ["json", "activity+json"] do
64 ActivityPubController.call(conn, :object)
67 def object(%{assigns: %{format: format}} = conn, %{"uuid" => uuid}) do
68 with id <- o_status_url(conn, :object, uuid),
69 {_, %Activity{} = activity} <-
70 {:activity, Activity.get_create_by_object_ap_id_with_object(id)},
71 {_, true} <- {:public?, Visibility.is_public?(activity)},
72 %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
74 "html" -> redirect(conn, to: "/notice/#{activity.id}")
75 _ -> represent_activity(conn, nil, activity, user)
78 reason when reason in [{:public?, false}, {:activity, nil}] ->
86 def activity(%{assigns: %{format: format}} = conn, %{"uuid" => _uuid})
87 when format in ["json", "activity+json"] do
88 ActivityPubController.call(conn, :activity)
91 def activity(%{assigns: %{format: format}} = conn, %{"uuid" => uuid}) do
92 with id <- o_status_url(conn, :activity, uuid),
93 {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
94 {_, true} <- {:public?, Visibility.is_public?(activity)},
95 %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
97 "html" -> redirect(conn, to: "/notice/#{activity.id}")
98 _ -> represent_activity(conn, format, activity, user)
101 reason when reason in [{:public?, false}, {:activity, nil}] ->
109 def notice(%{assigns: %{format: format}} = conn, %{"id" => id}) do
110 with {_, %Activity{} = activity} <- {:activity, Activity.get_by_id_with_object(id)},
111 {_, true} <- {:public?, Visibility.is_public?(activity)},
112 %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
114 format == "html" && activity.data["type"] == "Create" ->
115 %Object{} = object = Object.normalize(activity)
117 RedirectController.redirector_with_meta(
120 activity_id: activity.id,
122 url: Router.Helpers.o_status_url(Endpoint, :notice, activity.id),
128 RedirectController.redirector(conn, nil)
131 represent_activity(conn, format, activity, user)
134 reason when reason in [{:public?, false}, {:activity, nil}] ->
137 |> RedirectController.redirector(nil, 404)
144 # Returns an HTML embedded <audio> or <video> player suitable for embed iframes.
145 def notice_player(conn, %{"id" => id}) do
146 with %Activity{data: %{"type" => "Create"}} = activity <- Activity.get_by_id_with_object(id),
147 true <- Visibility.is_public?(activity),
148 %Object{} = object <- Object.normalize(activity),
149 %{data: %{"attachment" => [%{"url" => [url | _]} | _]}} <- object,
150 true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
152 |> put_layout(:metadata_player)
153 |> put_resp_header("x-frame-options", "ALLOW")
155 "content-security-policy",
156 "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
158 |> put_view(PlayerView)
159 |> render("player.html", url)
164 |> RedirectController.redirector(nil, 404)
168 defp represent_activity(
171 %Activity{data: %{"type" => "Create"}} = activity,
174 object = Object.normalize(activity)
177 |> put_resp_header("content-type", "application/activity+json")
178 |> put_view(ObjectView)
179 |> render("object.json", %{object: object})
182 defp represent_activity(_conn, "activity+json", _, _) do
186 defp represent_activity(conn, _, activity, user) do
189 |> ActivityRepresenter.to_simple_form(user, true)
190 |> ActivityRepresenter.wrap_with_entry()
191 |> :xmerl.export_simple(:xmerl_xml)
195 |> put_resp_content_type("application/atom+xml")
196 |> send_resp(200, response)
199 def errors(conn, {:error, :not_found}) do
200 render_error(conn, :not_found, "Not found")
203 def errors(conn, {:fetch_user, nil}), do: errors(conn, {:error, :not_found})
205 def errors(conn, _) do
206 render_error(conn, :internal_server_error, "Something went wrong")