Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes...
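--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@ -6,17 +6,17 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 use Pleroma.Web, :controller
 import Pleroma.Web.ControllerHelper,
-only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1]
+only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1, skip_relationships?: 1]
 alias Pleroma.Pagination
+alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
 alias Pleroma.Plugs.OAuthScopesPlug
 alias Pleroma.Plugs.RateLimiter
 alias Pleroma.User
 alias Pleroma.Web.ActivityPub.ActivityPub
-# TODO: Replace with a macro when there is a Phoenix release with
+# TODO: Replace with a macro when there is a Phoenix release with the following commit in it:
 # https://github.com/phoenixframework/phoenix/commit/2e8c63c01fec4dde5467dbbbf9705ff9e780735e
-# in it
 plug(RateLimiter, [name: :timeline, bucket_name: :direct_timeline] when action == :direct)
 plug(RateLimiter, [name: :timeline, bucket_name: :public_timeline] when action == :public)
@@ -27,7 +27,13 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
 plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
-plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :public)
+plug(
+OAuthScopesPlug,
+%{scopes: ["read:statuses"], fallback: :proceed_unauthenticated}
+when action in [:public, :hashtag]
+)
+
+plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:public, :hashtag])
 plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
@@ -49,7 +55,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 conn
 |> add_link_headers(activities)
-|> render("index.json", activities: activities, for: user, as: :activity)
+|> render("index.json",
+activities: activities,
+for: user,
+as: :activity,
+skip_relationships: skip_relationships?(params)
+)
 end
 # GET /api/v1/timelines/direct
@@ -68,7 +79,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 conn
 |> add_link_headers(activities)
-|> render("index.json", activities: activities, for: user, as: :activity)
+|> render("index.json",
+activities: activities,
+for: user,
+as: :activity,
+skip_relationships: skip_relationships?(params)
+)
 end
 # GET /api/v1/timelines/public
@@ -84,7 +100,9 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 restrict? = Pleroma.Config.get([:restrict_unauthenticated, :timelines, cfg_key])
-if not (restrict? and is_nil(user)) do
+if restrict? and is_nil(user) do
+render_error(conn, :unauthorized, "authorization required for timeline view")
+else
 activities =
 params
 |> Map.put("type", ["Create", "Announce"])
@@ -95,13 +113,16 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 conn
 |> add_link_headers(activities, %{"local" => local_only})
-|> render("index.json", activities: activities, for: user, as: :activity)
-else
-render_error(conn, :unauthorized, "authorization required for timeline view")
+|> render("index.json",
+activities: activities,
+for: user,
+as: :activity,
+skip_relationships: skip_relationships?(params)
+)
 end
 end
-def hashtag_fetching(params, user, local_only) do
+defp hashtag_fetching(params, user, local_only) do
 tags =
 [params["tag"], params["any"]]
 |> List.flatten()
@@ -140,7 +161,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 conn
 |> add_link_headers(activities, %{"local" => local_only})
-|> render("index.json", activities: activities, for: user, as: :activity)
+|> render("index.json",
+activities: activities,
+for: user,
+as: :activity,
+skip_relationships: skip_relationships?(params)
+)
 end
 # GET /api/v1/timelines/list/:list_id
@@ -164,7 +190,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 |> ActivityPub.fetch_activities_bounded(following, params)
 |> Enum.reverse()
-render(conn, "index.json", activities: activities, for: user, as: :activity)
+render(conn, "index.json",
+activities: activities,
+for: user,
+as: :activity,
+skip_relationships: skip_relationships?(params)
+)
 else
 _e -> render_error(conn, :forbidden, "Error.")
 end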
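Review bot: The `:hashtag` action is now exempted from `EnsurePublicOrAuthenticatedPlug` and its `OAuthScopesPlug` entry falls back to `:proceed_unauthenticated`, yet only the public-timeline action visibly checks `restrict_unauthenticated` before rendering (the `@@ -84,7 +100,9 @@` hunk). Before this change the plug line `when action != :public` still covered `:hashtag`, so if the hashtag action has no equivalent guard (most of its body lies outside these hunks), an instance that is presumably meant to require login would serve hashtag timelines to anonymous callers. I would wrap its fetch and render in the same `if restrict? and is_nil(user) do render_error(conn, :unauthorized, "authorization required for timeline view") else … end` shape, reading the flag from the matching `[:restrict_unauthenticated, :timelines, cfg_key]` setting. A controller test that requests the hashtag timeline without a token under a restricted configuration would pin the behaviour.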