1 defmodule Pleroma.Web.TwitterAPI.Controller do
2 use Pleroma.Web, :controller
4 import Pleroma.Web.ControllerHelper, only: [json_response: 3]
6 alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView}
7 alias Pleroma.Web.CommonAPI
8 alias Pleroma.{Repo, Activity, Object, User, Notification}
9 alias Pleroma.Web.ActivityPub.ActivityPub
10 alias Pleroma.Web.ActivityPub.Utils
15 plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
16 action_fallback(:errors)
18 def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
19 token = Phoenix.Token.sign(conn, "user socket", user.id)
23 |> render("show.json", %{user: user, token: token})
26 def status_update(%{assigns: %{user: user}} = conn, %{"status" => _} = status_data) do
27 with media_ids <- extract_media_ids(status_data),
29 TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids)) do
31 |> json(ActivityView.render("activity.json", activity: activity, for: user))
33 _ -> empty_status_reply(conn)
37 def status_update(conn, _status_data) do
38 empty_status_reply(conn)
41 defp empty_status_reply(conn) do
42 bad_request_reply(conn, "Client must provide a 'status' parameter with a value.")
45 defp extract_media_ids(status_data) do
46 with media_ids when not is_nil(media_ids) <- status_data["media_ids"],
47 split_ids <- String.split(media_ids, ","),
48 clean_ids <- Enum.reject(split_ids, fn id -> String.length(id) == 0 end) do
55 def public_and_external_timeline(%{assigns: %{user: user}} = conn, params) do
58 |> Map.put("type", ["Create", "Announce"])
59 |> Map.put("blocking_user", user)
61 activities = ActivityPub.fetch_public_activities(params)
64 |> put_view(ActivityView)
65 |> render("index.json", %{activities: activities, for: user})
68 def public_timeline(%{assigns: %{user: user}} = conn, params) do
71 |> Map.put("type", ["Create", "Announce"])
72 |> Map.put("local_only", true)
73 |> Map.put("blocking_user", user)
75 activities = ActivityPub.fetch_public_activities(params)
78 |> put_view(ActivityView)
79 |> render("index.json", %{activities: activities, for: user})
82 def friends_timeline(%{assigns: %{user: user}} = conn, params) do
85 |> Map.put("type", ["Create", "Announce", "Follow", "Like"])
86 |> Map.put("blocking_user", user)
87 |> Map.put("user", user)
90 ActivityPub.fetch_activities([user.ap_id | user.following], params)
91 |> ActivityPub.contain_timeline(user)
94 |> put_view(ActivityView)
95 |> render("index.json", %{activities: activities, for: user})
98 def show_user(conn, params) do
99 with {:ok, shown} <- TwitterAPI.get_user(params) do
101 if user = conn.assigns.user do
102 %{user: shown, for: user}
108 |> put_view(UserView)
109 |> render("show.json", params)
112 bad_request_reply(conn, msg)
116 def user_timeline(%{assigns: %{user: user}} = conn, params) do
117 case TwitterAPI.get_user(user, params) do
118 {:ok, target_user} ->
119 activities = ActivityPub.fetch_user_activities(target_user, user, params)
122 |> put_view(ActivityView)
123 |> render("index.json", %{activities: activities, for: user})
126 bad_request_reply(conn, msg)
130 def mentions_timeline(%{assigns: %{user: user}} = conn, params) do
133 |> Map.put("type", ["Create", "Announce", "Follow", "Like"])
134 |> Map.put("blocking_user", user)
136 activities = ActivityPub.fetch_activities([user.ap_id], params)
139 |> put_view(ActivityView)
140 |> render("index.json", %{activities: activities, for: user})
143 def dm_timeline(%{assigns: %{user: user}} = conn, params) do
145 ActivityPub.fetch_activities_query(
147 Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"})
150 activities = Repo.all(query)
153 |> put_view(ActivityView)
154 |> render("index.json", %{activities: activities, for: user})
157 def notifications(%{assigns: %{user: user}} = conn, params) do
158 notifications = Notification.for_user(user, params)
161 |> put_view(NotificationView)
162 |> render("notification.json", %{notifications: notifications, for: user})
165 def notifications_read(%{assigns: %{user: user}} = conn, %{"latest_id" => latest_id} = params) do
166 Notification.set_read_up_to(user, latest_id)
168 notifications = Notification.for_user(user, params)
171 |> put_view(NotificationView)
172 |> render("notification.json", %{notifications: notifications, for: user})
175 def notifications_read(%{assigns: %{user: _user}} = conn, _) do
176 bad_request_reply(conn, "You need to specify latest_id")
179 def follow(%{assigns: %{user: user}} = conn, params) do
180 case TwitterAPI.follow(user, params) do
181 {:ok, user, followed, _activity} ->
183 |> put_view(UserView)
184 |> render("show.json", %{user: followed, for: user})
187 forbidden_json_reply(conn, msg)
191 def block(%{assigns: %{user: user}} = conn, params) do
192 case TwitterAPI.block(user, params) do
193 {:ok, user, blocked} ->
195 |> put_view(UserView)
196 |> render("show.json", %{user: blocked, for: user})
199 forbidden_json_reply(conn, msg)
203 def unblock(%{assigns: %{user: user}} = conn, params) do
204 case TwitterAPI.unblock(user, params) do
205 {:ok, user, blocked} ->
207 |> put_view(UserView)
208 |> render("show.json", %{user: blocked, for: user})
211 forbidden_json_reply(conn, msg)
215 def delete_post(%{assigns: %{user: user}} = conn, %{"id" => id}) do
216 with {:ok, activity} <- TwitterAPI.delete(user, id) do
218 |> put_view(ActivityView)
219 |> render("activity.json", %{activity: activity, for: user})
223 def unfollow(%{assigns: %{user: user}} = conn, params) do
224 case TwitterAPI.unfollow(user, params) do
225 {:ok, user, unfollowed} ->
227 |> put_view(UserView)
228 |> render("show.json", %{user: unfollowed, for: user})
231 forbidden_json_reply(conn, msg)
235 def fetch_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
236 with %Activity{} = activity <- Repo.get(Activity, id),
237 true <- ActivityPub.visible_for_user?(activity, user) do
239 |> put_view(ActivityView)
240 |> render("activity.json", %{activity: activity, for: user})
244 def fetch_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
245 id = String.to_integer(id)
247 with context when is_binary(context) <- TwitterAPI.conversation_id_to_context(id),
249 ActivityPub.fetch_activities_for_context(context, %{
250 "blocking_user" => user,
254 |> put_view(ActivityView)
255 |> render("index.json", %{activities: activities, for: user})
260 Updates metadata of uploaded media object.
261 Derived from [Twitter API endpoint](https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create).
263 def update_media(%{assigns: %{user: user}} = conn, %{"media_id" => id} = data) do
264 object = Repo.get(Object, id)
265 description = get_in(data, ["alt_text", "text"]) || data["name"] || data["description"]
267 {conn, status, response_body} =
270 {halt(conn), :not_found, ""}
272 !Object.authorize_mutation(object, user) ->
273 {halt(conn), :forbidden, "You can only update your own uploads."}
275 !is_binary(description) ->
276 {conn, :not_modified, ""}
279 new_data = Map.put(object.data, "name", description)
283 |> Object.change(%{data: new_data})
286 {conn, :no_content, ""}
290 |> put_status(status)
291 |> json(response_body)
294 def upload(%{assigns: %{user: user}} = conn, %{"media" => media}) do
295 response = TwitterAPI.upload(media, user)
298 |> put_resp_content_type("application/atom+xml")
299 |> send_resp(200, response)
302 def upload_json(%{assigns: %{user: user}} = conn, %{"media" => media}) do
303 response = TwitterAPI.upload(media, user, "json")
306 |> json_reply(200, response)
309 def get_by_id_or_ap_id(id) do
310 activity = Repo.get(Activity, id) || Activity.get_create_activity_by_object_ap_id(id)
312 if activity.data["type"] == "Create" do
315 Activity.get_create_activity_by_object_ap_id(activity.data["object"])
319 def favorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do
320 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
321 {:ok, activity} <- TwitterAPI.fav(user, id) do
323 |> put_view(ActivityView)
324 |> render("activity.json", %{activity: activity, for: user})
328 def unfavorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do
329 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
330 {:ok, activity} <- TwitterAPI.unfav(user, id) do
332 |> put_view(ActivityView)
333 |> render("activity.json", %{activity: activity, for: user})
337 def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
338 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
339 {:ok, activity} <- TwitterAPI.repeat(user, id) do
341 |> put_view(ActivityView)
342 |> render("activity.json", %{activity: activity, for: user})
346 def unretweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
347 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
348 {:ok, activity} <- TwitterAPI.unrepeat(user, id) do
350 |> put_view(ActivityView)
351 |> render("activity.json", %{activity: activity, for: user})
355 def register(conn, params) do
356 with {:ok, user} <- TwitterAPI.register_user(params) do
358 |> put_view(UserView)
359 |> render("show.json", %{user: user})
363 |> json_reply(400, Jason.encode!(errors))
367 def password_reset(conn, params) do
368 nickname_or_email = params["email"] || params["nickname"]
370 with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
371 json_response(conn, :no_content, "")
375 def update_avatar(%{assigns: %{user: user}} = conn, params) do
376 {:ok, object} = ActivityPub.upload(params, type: :avatar)
377 change = Changeset.change(user, %{avatar: object.data})
378 {:ok, user} = User.update_and_set_cache(change)
379 CommonAPI.update(user)
382 |> put_view(UserView)
383 |> render("show.json", %{user: user, for: user})
386 def update_banner(%{assigns: %{user: user}} = conn, params) do
387 with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, type: :banner),
388 new_info <- %{"banner" => object.data},
389 info_cng <- User.Info.profile_update(user.info, new_info),
390 changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng),
391 {:ok, user} <- User.update_and_set_cache(changeset) do
392 CommonAPI.update(user)
393 %{"url" => [%{"href" => href} | _]} = object.data
394 response = %{url: href} |> Jason.encode!()
397 |> json_reply(200, response)
401 def update_background(%{assigns: %{user: user}} = conn, params) do
402 with {:ok, object} <- ActivityPub.upload(params, type: :background),
403 new_info <- %{"background" => object.data},
404 info_cng <- User.Info.profile_update(user.info, new_info),
405 changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng),
406 {:ok, _user} <- User.update_and_set_cache(changeset) do
407 %{"url" => [%{"href" => href} | _]} = object.data
408 response = %{url: href} |> Jason.encode!()
411 |> json_reply(200, response)
415 def external_profile(%{assigns: %{user: current_user}} = conn, %{"profileurl" => uri}) do
416 with {:ok, user_map} <- TwitterAPI.get_external_profile(current_user, uri),
417 response <- Jason.encode!(user_map) do
419 |> json_reply(200, response)
424 |> json(%{error: "Can't find user"})
428 def followers(%{assigns: %{user: for_user}} = conn, params) do
429 with {:ok, user} <- TwitterAPI.get_user(for_user, params),
430 {:ok, followers} <- User.get_followers(user) do
433 for_user && user.id == for_user.id -> followers
434 user.info.hide_network -> []
439 |> put_view(UserView)
440 |> render("index.json", %{users: followers, for: conn.assigns[:user]})
442 _e -> bad_request_reply(conn, "Can't get followers")
446 def friends(%{assigns: %{user: for_user}} = conn, params) do
447 with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params),
448 {:ok, friends} <- User.get_friends(user) do
451 for_user && user.id == for_user.id -> friends
452 user.info.hide_network -> []
457 |> put_view(UserView)
458 |> render("index.json", %{users: friends, for: conn.assigns[:user]})
460 _e -> bad_request_reply(conn, "Can't get friends")
464 def friend_requests(conn, params) do
465 with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params),
466 {:ok, friend_requests} <- User.get_follow_requests(user) do
468 |> put_view(UserView)
469 |> render("index.json", %{users: friend_requests, for: conn.assigns[:user]})
471 _e -> bad_request_reply(conn, "Can't get friend requests")
475 def approve_friend_request(conn, %{"user_id" => uid} = _params) do
476 with followed <- conn.assigns[:user],
477 uid when is_number(uid) <- String.to_integer(uid),
478 %User{} = follower <- Repo.get(User, uid),
479 {:ok, follower} <- User.maybe_follow(follower, followed),
480 %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
481 {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"),
483 ActivityPub.accept(%{
484 to: [follower.ap_id],
485 actor: followed.ap_id,
486 object: follow_activity.data["id"],
490 |> put_view(UserView)
491 |> render("show.json", %{user: follower, for: followed})
493 e -> bad_request_reply(conn, "Can't approve user: #{inspect(e)}")
497 def deny_friend_request(conn, %{"user_id" => uid} = _params) do
498 with followed <- conn.assigns[:user],
499 uid when is_number(uid) <- String.to_integer(uid),
500 %User{} = follower <- Repo.get(User, uid),
501 %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
502 {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"),
504 ActivityPub.reject(%{
505 to: [follower.ap_id],
506 actor: followed.ap_id,
507 object: follow_activity.data["id"],
511 |> put_view(UserView)
512 |> render("show.json", %{user: follower, for: followed})
514 e -> bad_request_reply(conn, "Can't deny user: #{inspect(e)}")
518 def friends_ids(%{assigns: %{user: user}} = conn, _params) do
519 with {:ok, friends} <- User.get_friends(user) do
522 |> Enum.map(fn x -> x.id end)
527 _e -> bad_request_reply(conn, "Can't get friends")
531 def empty_array(conn, _params) do
532 json(conn, Jason.encode!([]))
535 def raw_empty_array(conn, _params) do
539 defp build_info_cng(user, params) do
541 ["no_rich_text", "locked", "hide_network"]
542 |> Enum.reduce(%{}, fn key, res ->
543 if value = params[key] do
544 Map.put(res, key, value == "true")
551 if value = params["default_scope"] do
552 Map.put(info_params, "default_scope", value)
557 User.Info.profile_update(user.info, info_params)
560 defp parse_profile_bio(user, params) do
561 if bio = params["description"] do
562 Map.put(params, "bio", User.parse_bio(bio, user))
568 def update_profile(%{assigns: %{user: user}} = conn, params) do
569 params = parse_profile_bio(user, params)
570 info_cng = build_info_cng(user, params)
572 with changeset <- User.update_changeset(user, params),
573 changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
574 {:ok, user} <- User.update_and_set_cache(changeset) do
575 CommonAPI.update(user)
578 |> put_view(UserView)
579 |> render("user.json", %{user: user, for: user})
582 Logger.debug("Can't update user: #{inspect(error)}")
583 bad_request_reply(conn, "Can't update user")
587 def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
588 activities = TwitterAPI.search(user, params)
591 |> put_view(ActivityView)
592 |> render("index.json", %{activities: activities, for: user})
595 def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) do
596 users = User.search(query, true)
599 |> put_view(UserView)
600 |> render("index.json", %{users: users, for: user})
603 defp bad_request_reply(conn, error_message) do
604 json = error_json(conn, error_message)
605 json_reply(conn, 400, json)
608 defp json_reply(conn, status, json) do
610 |> put_resp_content_type("application/json")
611 |> send_resp(status, json)
614 defp forbidden_json_reply(conn, error_message) do
615 json = error_json(conn, error_message)
616 json_reply(conn, 403, json)
619 def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
621 def only_if_public_instance(conn, _) do
622 if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
626 |> forbidden_json_reply("Invalid credentials.")
631 defp error_json(conn, error_message) do
632 %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
635 def errors(conn, {:param_cast, _}) do
638 |> json("Invalid parameters")
641 def errors(conn, _) do
644 |> json("Something went wrong")