projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes...
[akkoma]
/
lib
/
pleroma
/
web
/
mastodon_api
/
controllers
/
timeline_controller.ex
diff --git
a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
index b3c58005eb170e6a2cbebef154eb63449ce2732f..040a0b9dd247d7c8eb33f1442e2c85841f993657 100644
(file)
--- a/
lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/
lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@
-9,6
+9,7
@@
defmodule Pleroma.Web.MastodonAPI.TimelineController do
only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1, skip_relationships?: 1]
alias Pleroma.Pagination
only: [add_link_headers: 2, add_link_headers: 3, truthy_param?: 1, skip_relationships?: 1]
alias Pleroma.Pagination
+ alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Plugs.RateLimiter
alias Pleroma.User
alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.Plugs.RateLimiter
alias Pleroma.User
@@
-26,7
+27,13
@@
defmodule Pleroma.Web.MastodonAPI.TimelineController do
plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :list)
- plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :public)
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:statuses"], fallback: :proceed_unauthenticated}
+ when action in [:public, :hashtag]
+ )
+
+ plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:public, :hashtag])
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
@@
-93,7
+100,9
@@
defmodule Pleroma.Web.MastodonAPI.TimelineController do
restrict? = Pleroma.Config.get([:restrict_unauthenticated, :timelines, cfg_key])
restrict? = Pleroma.Config.get([:restrict_unauthenticated, :timelines, cfg_key])
- if not (restrict? and is_nil(user)) do
+ if restrict? and is_nil(user) do
+ render_error(conn, :unauthorized, "authorization required for timeline view")
+ else
activities =
params
|> Map.put("type", ["Create", "Announce"])
activities =
params
|> Map.put("type", ["Create", "Announce"])
@@
-110,12
+119,10
@@
defmodule Pleroma.Web.MastodonAPI.TimelineController do
as: :activity,
skip_relationships: skip_relationships?(params)
)
as: :activity,
skip_relationships: skip_relationships?(params)
)
- else
- render_error(conn, :unauthorized, "authorization required for timeline view")
end
end
end
end
- def hashtag_fetching(params, user, local_only) do
+ def
p
hashtag_fetching(params, user, local_only) do
tags =
[params["tag"], params["any"]]
|> List.flatten()
tags =
[params["tag"], params["any"]]
|> List.flatten()