1 defmodule Pleroma.Web.TwitterAPI.Controller do
2 use Pleroma.Web, :controller
3 alias Pleroma.Web.TwitterAPI.{TwitterAPI, UserView, ActivityView, NotificationView}
4 alias Pleroma.Web.CommonAPI
5 alias Pleroma.{Repo, Activity, Object, User, Notification}
6 alias Pleroma.Web.ActivityPub.ActivityPub
7 alias Pleroma.Web.ActivityPub.Utils
12 plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
13 action_fallback(:errors)
15 def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
16 token = Phoenix.Token.sign(conn, "user socket", user.id)
17 render(conn, UserView, "show.json", %{user: user, token: token})
20 def status_update(%{assigns: %{user: user}} = conn, %{"status" => _} = status_data) do
21 with media_ids <- extract_media_ids(status_data),
23 TwitterAPI.create_status(user, Map.put(status_data, "media_ids", media_ids)) do
25 |> json(ActivityView.render("activity.json", activity: activity, for: user))
27 _ -> empty_status_reply(conn)
31 def status_update(conn, _status_data) do
32 empty_status_reply(conn)
35 defp empty_status_reply(conn) do
36 bad_request_reply(conn, "Client must provide a 'status' parameter with a value.")
39 defp extract_media_ids(status_data) do
40 with media_ids when not is_nil(media_ids) <- status_data["media_ids"],
41 split_ids <- String.split(media_ids, ","),
42 clean_ids <- Enum.reject(split_ids, fn id -> String.length(id) == 0 end) do
49 def public_and_external_timeline(%{assigns: %{user: user}} = conn, params) do
52 |> Map.put("type", ["Create", "Announce"])
53 |> Map.put("blocking_user", user)
55 activities = ActivityPub.fetch_public_activities(params)
58 |> render(ActivityView, "index.json", %{activities: activities, for: user})
61 def public_timeline(%{assigns: %{user: user}} = conn, params) do
64 |> Map.put("type", ["Create", "Announce"])
65 |> Map.put("local_only", true)
66 |> Map.put("blocking_user", user)
68 activities = ActivityPub.fetch_public_activities(params)
71 |> render(ActivityView, "index.json", %{activities: activities, for: user})
74 def friends_timeline(%{assigns: %{user: user}} = conn, params) do
77 |> Map.put("type", ["Create", "Announce", "Follow", "Like"])
78 |> Map.put("blocking_user", user)
79 |> Map.put("user", user)
82 ActivityPub.fetch_activities([user.ap_id | user.following], params)
83 |> ActivityPub.contain_timeline(user)
86 |> render(ActivityView, "index.json", %{activities: activities, for: user})
89 def show_user(conn, params) do
90 with {:ok, shown} <- TwitterAPI.get_user(params) do
91 if user = conn.assigns.user do
92 render(conn, UserView, "show.json", %{user: shown, for: user})
94 render(conn, UserView, "show.json", %{user: shown})
98 bad_request_reply(conn, msg)
102 def user_timeline(%{assigns: %{user: user}} = conn, params) do
103 case TwitterAPI.get_user(user, params) do
104 {:ok, target_user} ->
105 activities = ActivityPub.fetch_user_activities(target_user, user, params)
108 |> render(ActivityView, "index.json", %{activities: activities, for: user})
111 bad_request_reply(conn, msg)
115 def mentions_timeline(%{assigns: %{user: user}} = conn, params) do
118 |> Map.put("type", ["Create", "Announce", "Follow", "Like"])
119 |> Map.put("blocking_user", user)
121 activities = ActivityPub.fetch_activities([user.ap_id], params)
124 |> render(ActivityView, "index.json", %{activities: activities, for: user})
127 def dm_timeline(%{assigns: %{user: user}} = conn, params) do
129 ActivityPub.fetch_activities_query(
131 Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"})
134 activities = Repo.all(query)
137 |> render(ActivityView, "index.json", %{activities: activities, for: user})
140 def notifications(%{assigns: %{user: user}} = conn, params) do
141 notifications = Notification.for_user(user, params)
144 |> render(NotificationView, "notification.json", %{notifications: notifications, for: user})
147 def notifications_read(%{assigns: %{user: user}} = conn, %{"latest_id" => latest_id} = params) do
148 Notification.set_read_up_to(user, latest_id)
150 notifications = Notification.for_user(user, params)
153 |> render(NotificationView, "notification.json", %{notifications: notifications, for: user})
156 def notifications_read(%{assigns: %{user: _user}} = conn, _) do
157 bad_request_reply(conn, "You need to specify latest_id")
160 def follow(%{assigns: %{user: user}} = conn, params) do
161 case TwitterAPI.follow(user, params) do
162 {:ok, user, followed, _activity} ->
163 render(conn, UserView, "show.json", %{user: followed, for: user})
166 forbidden_json_reply(conn, msg)
170 def block(%{assigns: %{user: user}} = conn, params) do
171 case TwitterAPI.block(user, params) do
172 {:ok, user, blocked} ->
173 render(conn, UserView, "show.json", %{user: blocked, for: user})
176 forbidden_json_reply(conn, msg)
180 def unblock(%{assigns: %{user: user}} = conn, params) do
181 case TwitterAPI.unblock(user, params) do
182 {:ok, user, blocked} ->
183 render(conn, UserView, "show.json", %{user: blocked, for: user})
186 forbidden_json_reply(conn, msg)
190 def delete_post(%{assigns: %{user: user}} = conn, %{"id" => id}) do
191 with {:ok, activity} <- TwitterAPI.delete(user, id) do
192 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
196 def unfollow(%{assigns: %{user: user}} = conn, params) do
197 case TwitterAPI.unfollow(user, params) do
198 {:ok, user, unfollowed} ->
199 render(conn, UserView, "show.json", %{user: unfollowed, for: user})
202 forbidden_json_reply(conn, msg)
206 def fetch_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
207 with %Activity{} = activity <- Repo.get(Activity, id),
208 true <- ActivityPub.visible_for_user?(activity, user) do
209 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
213 def fetch_conversation(%{assigns: %{user: user}} = conn, %{"id" => id}) do
214 id = String.to_integer(id)
216 with context when is_binary(context) <- TwitterAPI.conversation_id_to_context(id),
218 ActivityPub.fetch_activities_for_context(context, %{
219 "blocking_user" => user,
223 |> render(ActivityView, "index.json", %{activities: activities, for: user})
228 Updates metadata of uploaded media object.
229 Derived from [Twitter API endpoint](https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-metadata-create).
231 def update_media(%{assigns: %{user: user}} = conn, %{"media_id" => id} = data) do
232 object = Repo.get(Object, id)
233 description = get_in(data, ["alt_text", "text"]) || data["name"] || data["description"]
235 {conn, status, response_body} =
238 {halt(conn), :not_found, ""}
240 !Object.authorize_mutation(object, user) ->
241 {halt(conn), :forbidden, "You can only update your own uploads."}
243 !is_binary(description) ->
244 {conn, :not_modified, ""}
247 new_data = Map.put(object.data, "name", description)
251 |> Object.change(%{data: new_data})
254 {conn, :no_content, ""}
258 |> put_status(status)
259 |> json(response_body)
262 def upload(%{assigns: %{user: user}} = conn, %{"media" => media}) do
263 response = TwitterAPI.upload(media, user)
266 |> put_resp_content_type("application/atom+xml")
267 |> send_resp(200, response)
270 def upload_json(%{assigns: %{user: user}} = conn, %{"media" => media}) do
271 response = TwitterAPI.upload(media, user, "json")
274 |> json_reply(200, response)
277 def get_by_id_or_ap_id(id) do
278 activity = Repo.get(Activity, id) || Activity.get_create_activity_by_object_ap_id(id)
280 if activity.data["type"] == "Create" do
283 Activity.get_create_activity_by_object_ap_id(activity.data["object"])
287 def favorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do
288 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
289 {:ok, activity} <- TwitterAPI.fav(user, id) do
290 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
294 def unfavorite(%{assigns: %{user: user}} = conn, %{"id" => id}) do
295 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
296 {:ok, activity} <- TwitterAPI.unfav(user, id) do
297 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
301 def retweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
302 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
303 {:ok, activity} <- TwitterAPI.repeat(user, id) do
304 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
308 def unretweet(%{assigns: %{user: user}} = conn, %{"id" => id}) do
309 with {_, {:ok, id}} <- {:param_cast, Ecto.Type.cast(:integer, id)},
310 {:ok, activity} <- TwitterAPI.unrepeat(user, id) do
311 render(conn, ActivityView, "activity.json", %{activity: activity, for: user})
315 def register(conn, params) do
316 with {:ok, user} <- TwitterAPI.register_user(params) do
317 render(conn, UserView, "show.json", %{user: user})
321 |> json_reply(400, Jason.encode!(errors))
325 def update_avatar(%{assigns: %{user: user}} = conn, params) do
326 {:ok, object} = ActivityPub.upload(params, type: :avatar)
327 change = Changeset.change(user, %{avatar: object.data})
328 {:ok, user} = User.update_and_set_cache(change)
329 CommonAPI.update(user)
331 render(conn, UserView, "show.json", %{user: user, for: user})
334 def update_banner(%{assigns: %{user: user}} = conn, params) do
335 with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, type: :banner),
336 new_info <- %{"banner" => object.data},
337 info_cng <- User.Info.profile_update(user.info, new_info),
338 changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng),
339 {:ok, user} <- User.update_and_set_cache(changeset) do
340 CommonAPI.update(user)
341 %{"url" => [%{"href" => href} | _]} = object.data
342 response = %{url: href} |> Jason.encode!()
345 |> json_reply(200, response)
349 def update_background(%{assigns: %{user: user}} = conn, params) do
350 with {:ok, object} <- ActivityPub.upload(params, type: :background),
351 new_info <- %{"background" => object.data},
352 info_cng <- User.Info.profile_update(user.info, new_info),
353 changeset <- Ecto.Changeset.change(user) |> Ecto.Changeset.put_embed(:info, info_cng),
354 {:ok, _user} <- User.update_and_set_cache(changeset) do
355 %{"url" => [%{"href" => href} | _]} = object.data
356 response = %{url: href} |> Jason.encode!()
359 |> json_reply(200, response)
363 def external_profile(%{assigns: %{user: current_user}} = conn, %{"profileurl" => uri}) do
364 with {:ok, user_map} <- TwitterAPI.get_external_profile(current_user, uri),
365 response <- Jason.encode!(user_map) do
367 |> json_reply(200, response)
372 |> json(%{error: "Can't find user"})
376 def followers(%{assigns: %{user: for_user}} = conn, params) do
377 with {:ok, user} <- TwitterAPI.get_user(for_user, params),
378 {:ok, followers} <- User.get_followers(user) do
381 for_user && user.id == for_user.id -> followers
382 user.info.hide_network -> []
386 render(conn, UserView, "index.json", %{users: followers, for: conn.assigns[:user]})
388 _e -> bad_request_reply(conn, "Can't get followers")
392 def friends(%{assigns: %{user: for_user}} = conn, params) do
393 with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params),
394 {:ok, friends} <- User.get_friends(user) do
397 for_user && user.id == for_user.id -> friends
398 user.info.hide_network -> []
402 render(conn, UserView, "index.json", %{users: friends, for: conn.assigns[:user]})
404 _e -> bad_request_reply(conn, "Can't get friends")
408 def friend_requests(conn, params) do
409 with {:ok, user} <- TwitterAPI.get_user(conn.assigns[:user], params),
410 {:ok, friend_requests} <- User.get_follow_requests(user) do
411 render(conn, UserView, "index.json", %{users: friend_requests, for: conn.assigns[:user]})
413 _e -> bad_request_reply(conn, "Can't get friend requests")
417 def approve_friend_request(conn, %{"user_id" => uid} = _params) do
418 with followed <- conn.assigns[:user],
419 uid when is_number(uid) <- String.to_integer(uid),
420 %User{} = follower <- Repo.get(User, uid),
421 {:ok, follower} <- User.maybe_follow(follower, followed),
422 %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
423 {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"),
425 ActivityPub.accept(%{
426 to: [follower.ap_id],
427 actor: followed.ap_id,
428 object: follow_activity.data["id"],
431 render(conn, UserView, "show.json", %{user: follower, for: followed})
433 e -> bad_request_reply(conn, "Can't approve user: #{inspect(e)}")
437 def deny_friend_request(conn, %{"user_id" => uid} = _params) do
438 with followed <- conn.assigns[:user],
439 uid when is_number(uid) <- String.to_integer(uid),
440 %User{} = follower <- Repo.get(User, uid),
441 %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
442 {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"),
444 ActivityPub.reject(%{
445 to: [follower.ap_id],
446 actor: followed.ap_id,
447 object: follow_activity.data["id"],
450 render(conn, UserView, "show.json", %{user: follower, for: followed})
452 e -> bad_request_reply(conn, "Can't deny user: #{inspect(e)}")
456 def friends_ids(%{assigns: %{user: user}} = conn, _params) do
457 with {:ok, friends} <- User.get_friends(user) do
460 |> Enum.map(fn x -> x.id end)
465 _e -> bad_request_reply(conn, "Can't get friends")
469 def empty_array(conn, _params) do
470 json(conn, Jason.encode!([]))
473 def raw_empty_array(conn, _params) do
477 defp build_info_cng(user, params) do
479 ["no_rich_text", "locked", "hide_network"]
480 |> Enum.reduce(%{}, fn key, res ->
481 if value = params[key] do
482 Map.put(res, key, value == "true")
489 if value = params["default_scope"] do
490 Map.put(info_params, "default_scope", value)
495 User.Info.profile_update(user.info, info_params)
498 defp parse_profile_bio(user, params) do
499 if bio = params["description"] do
500 Map.put(params, "bio", User.parse_bio(bio, user))
506 def update_profile(%{assigns: %{user: user}} = conn, params) do
507 params = parse_profile_bio(user, params)
508 info_cng = build_info_cng(user, params)
510 with changeset <- User.update_changeset(user, params),
511 changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
512 {:ok, user} <- User.update_and_set_cache(changeset) do
513 CommonAPI.update(user)
514 render(conn, UserView, "user.json", %{user: user, for: user})
517 Logger.debug("Can't update user: #{inspect(error)}")
518 bad_request_reply(conn, "Can't update user")
522 def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
523 activities = TwitterAPI.search(user, params)
526 |> render(ActivityView, "index.json", %{activities: activities, for: user})
529 def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) do
530 users = User.search(query, true)
533 |> render(UserView, "index.json", %{users: users, for: user})
536 defp bad_request_reply(conn, error_message) do
537 json = error_json(conn, error_message)
538 json_reply(conn, 400, json)
541 defp json_reply(conn, status, json) do
543 |> put_resp_content_type("application/json")
544 |> send_resp(status, json)
547 defp forbidden_json_reply(conn, error_message) do
548 json = error_json(conn, error_message)
549 json_reply(conn, 403, json)
552 def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
554 def only_if_public_instance(conn, _) do
555 if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
559 |> forbidden_json_reply("Invalid credentials.")
564 defp error_json(conn, error_message) do
565 %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
568 def errors(conn, {:param_cast, _}) do
571 |> json("Invalid parameters")
574 def errors(conn, _) do
577 |> json("Something went wrong")