+ try_render(conn, StatusView, "status.json", %{activity: activity, for: user, as: :activity})
+ end
+ end
+
+ def notifications(%{assigns: %{user: user}} = conn, params) do
+ notifications = Notification.for_user(user, params)
+
+ result =
+ Enum.map(notifications, fn x ->
+ render_notification(user, x)
+ end)
+ |> Enum.filter(& &1)
+
+ conn
+ |> add_link_headers(:notifications, notifications)
+ |> json(result)
+ end
+
+ def get_notification(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
+ with {:ok, notification} <- Notification.get(user, id) do
+ json(conn, render_notification(user, notification))
+ else
+ {:error, reason} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => reason}))
+ end
+ end
+
+ def clear_notifications(%{assigns: %{user: user}} = conn, _params) do
+ Notification.clear(user)
+ json(conn, %{})
+ end
+
+ def dismiss_notification(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
+ with {:ok, _notif} <- Notification.dismiss(user, id) do
+ json(conn, %{})
+ else
+ {:error, reason} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => reason}))
+ end
+ end
+
+ def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ id = List.wrap(id)
+ q = from(u in User, where: u.id in ^id)
+ targets = Repo.all(q)
+ render(conn, AccountView, "relationships.json", %{user: user, targets: targets})
+ end
+
+ # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
+ def relationships(%{assigns: %{user: user}} = conn, _) do
+ conn
+ |> json([])
+ end
+
+ def update_media(%{assigns: %{user: _}} = conn, data) do
+ with %Object{} = object <- Repo.get(Object, data["id"]),
+ true <- is_binary(data["description"]),
+ description <- data["description"] do
+ new_data = %{object.data | "name" => description}
+
+ change = Object.change(object, %{data: new_data})
+ {:ok, _} = Repo.update(change)
+
+ data =
+ new_data
+ |> Map.put("id", object.id)
+
+ render(conn, StatusView, "attachment.json", %{attachment: data})
+ end
+ end
+
+ def upload(%{assigns: %{user: _}} = conn, %{"file" => file} = data) do
+ with {:ok, object} <- ActivityPub.upload(file, description: Map.get(data, "description")) do
+ change = Object.change(object, %{data: object.data})
+ {:ok, object} = Repo.update(change)
+
+ objdata =
+ object.data
+ |> Map.put("id", object.id)
+
+ render(conn, StatusView, "attachment.json", %{attachment: objdata})
+ end
+ end
+
+ def favourited_by(conn, %{"id" => id}) do
+ with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id),
+ %Object{data: %{"likes" => likes}} <- Object.normalize(object) do
+ q = from(u in User, where: u.ap_id in ^likes)
+ users = Repo.all(q)
+ render(conn, AccountView, "accounts.json", %{users: users, as: :user})
+ else
+ _ -> json(conn, [])
+ end
+ end
+
+ def reblogged_by(conn, %{"id" => id}) do
+ with %Activity{data: %{"object" => object}} <- Repo.get(Activity, id),
+ %Object{data: %{"announcements" => announces}} <- Object.normalize(object) do
+ q = from(u in User, where: u.ap_id in ^announces)
+ users = Repo.all(q)
+ render(conn, AccountView, "accounts.json", %{users: users, as: :user})
+ else
+ _ -> json(conn, [])
+ end
+ end
+
+ def hashtag_timeline(%{assigns: %{user: user}} = conn, params) do
+ local_only = params["local"] in [true, "True", "true", "1"]
+
+ params =
+ params
+ |> Map.put("type", "Create")
+ |> Map.put("local_only", local_only)
+ |> Map.put("blocking_user", user)
+ |> Map.put("tag", String.downcase(params["tag"]))
+
+ activities =
+ ActivityPub.fetch_public_activities(params)
+ |> Enum.reverse()
+
+ conn
+ |> add_link_headers(:hashtag_timeline, activities, params["tag"], %{"local" => local_only})
+ |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
+ end
+
+ # TODO: Pagination
+ def followers(conn, %{"id" => id}) do
+ with %User{} = user <- Repo.get(User, id),
+ {:ok, followers} <- User.get_followers(user) do
+ render(conn, AccountView, "accounts.json", %{users: followers, as: :user})
+ end
+ end
+
+ def following(conn, %{"id" => id}) do
+ with %User{} = user <- Repo.get(User, id),
+ {:ok, followers} <- User.get_friends(user) do
+ render(conn, AccountView, "accounts.json", %{users: followers, as: :user})
+ end
+ end
+
+ def follow_requests(%{assigns: %{user: followed}} = conn, _params) do
+ with {:ok, follow_requests} <- User.get_follow_requests(followed) do
+ render(conn, AccountView, "accounts.json", %{users: follow_requests, as: :user})
+ end
+ end
+
+ def authorize_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
+ with %User{} = follower <- Repo.get(User, id),
+ {:ok, follower} <- User.maybe_follow(follower, followed),
+ %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+ {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "accept"),
+ {:ok, _activity} <-
+ ActivityPub.accept(%{
+ to: [follower.ap_id],
+ actor: followed.ap_id,
+ object: follow_activity.data["id"],
+ type: "Accept"
+ }) do
+ render(conn, AccountView, "relationship.json", %{user: followed, target: follower})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def reject_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do
+ with %User{} = follower <- Repo.get(User, id),
+ %Activity{} = follow_activity <- Utils.fetch_latest_follow(follower, followed),
+ {:ok, follow_activity} <- Utils.update_follow_state(follow_activity, "reject"),
+ {:ok, _activity} <-
+ ActivityPub.reject(%{
+ to: [follower.ap_id],
+ actor: followed.ap_id,
+ object: follow_activity.data["id"],
+ type: "Reject"
+ }) do
+ render(conn, AccountView, "relationship.json", %{user: followed, target: follower})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
+ with %User{} = followed <- Repo.get(User, id),
+ {:ok, follower} <- User.maybe_direct_follow(follower, followed),
+ {:ok, _activity} <- ActivityPub.follow(follower, followed),
+ {:ok, follower, followed} <-
+ User.wait_and_refresh(
+ Pleroma.Config.get([:activitypub, :follow_handshake_timeout]),
+ follower,
+ followed
+ ) do
+ render(conn, AccountView, "relationship.json", %{user: follower, target: followed})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do
+ with %User{} = followed <- Repo.get_by(User, nickname: uri),
+ {:ok, follower} <- User.maybe_direct_follow(follower, followed),
+ {:ok, _activity} <- ActivityPub.follow(follower, followed) do
+ render(conn, AccountView, "account.json", %{user: followed, for: follower})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def unfollow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do
+ with %User{} = followed <- Repo.get(User, id),
+ {:ok, _activity} <- ActivityPub.unfollow(follower, followed),
+ {:ok, follower, _} <- User.unfollow(follower, followed) do
+ render(conn, AccountView, "relationship.json", %{user: follower, target: followed})
+ end
+ end
+
+ def block(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
+ with %User{} = blocked <- Repo.get(User, id),
+ {:ok, blocker} <- User.block(blocker, blocked),
+ {:ok, _activity} <- ActivityPub.block(blocker, blocked) do
+ render(conn, AccountView, "relationship.json", %{user: blocker, target: blocked})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def unblock(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
+ with %User{} = blocked <- Repo.get(User, id),
+ {:ok, blocker} <- User.unblock(blocker, blocked),
+ {:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
+ render(conn, AccountView, "relationship.json", %{user: blocker, target: blocked})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ # TODO: Use proper query
+ def blocks(%{assigns: %{user: user}} = conn, _) do
+ with blocked_users <- user.info.blocks || [],
+ accounts <- Enum.map(blocked_users, fn ap_id -> User.get_cached_by_ap_id(ap_id) end) do
+ res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
+ json(conn, res)
+ end
+ end
+
+ def domain_blocks(%{assigns: %{user: %{info: info}}} = conn, _) do
+ json(conn, info.domain_blocks || [])
+ end
+
+ def block_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
+ User.block_domain(blocker, domain)
+ json(conn, %{})
+ end
+
+ def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
+ User.unblock_domain(blocker, domain)
+ json(conn, %{})
+ end
+
+ def status_search(query) do
+ fetched =
+ if Regex.match?(~r/https?:/, query) do
+ with {:ok, object} <- Fetcher.fetch_object_from_id(query) do
+ [Activity.get_create_activity_by_object_ap_id(object.data["id"])]
+ else
+ _e -> []
+ end
+ end || []
+
+ q =
+ from(
+ a in Activity,
+ where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
+ where:
+ fragment(
+ "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
+ a.data,
+ ^query
+ ),
+ limit: 20,
+ order_by: [desc: :id]
+ )
+
+ Repo.all(q) ++ fetched
+ end
+
+ def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ statuses = status_search(query)
+
+ tags_path = Web.base_url() <> "/tag/"
+
+ tags =
+ String.split(query)
+ |> Enum.uniq()
+ |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+ |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+ |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end)
+
+ res = %{
+ "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+ "statuses" =>
+ StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+ "hashtags" => tags
+ }
+
+ json(conn, res)
+ end
+
+ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ statuses = status_search(query)
+
+ tags =
+ String.split(query)
+ |> Enum.uniq()
+ |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+ |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+
+ res = %{
+ "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+ "statuses" =>
+ StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+ "hashtags" => tags
+ }
+
+ json(conn, res)
+ end
+
+ def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
+
+ json(conn, res)
+ end
+
+ def favourites(%{assigns: %{user: user}} = conn, _) do
+ params =
+ %{}
+ |> Map.put("type", "Create")
+ |> Map.put("favorited_by", user.ap_id)
+ |> Map.put("blocking_user", user)
+
+ activities =
+ ActivityPub.fetch_public_activities(params)
+ |> Enum.reverse()
+
+ conn
+ |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
+ end
+
+ def get_lists(%{assigns: %{user: user}} = conn, opts) do
+ lists = Pleroma.List.for_user(user, opts)
+ res = ListView.render("lists.json", lists: lists)
+ json(conn, res)
+ end
+
+ def get_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ else
+ _e -> json(conn, "error")
+ end
+ end
+
+ def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do
+ lists = Pleroma.List.get_lists_account_belongs(user, account_id)
+ res = ListView.render("lists.json", lists: lists)
+ json(conn, res)
+ end
+
+ def delete_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, _list} <- Pleroma.List.delete(list) do
+ json(conn, %{})
+ else
+ _e ->
+ json(conn, "error")
+ end
+ end
+
+ def create_list(%{assigns: %{user: user}} = conn, %{"title" => title}) do
+ with {:ok, %Pleroma.List{} = list} <- Pleroma.List.create(title, user) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ end
+ end
+
+ def add_to_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
+ accounts
+ |> Enum.each(fn account_id ->
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ %User{} = followed <- Repo.get(User, account_id) do
+ Pleroma.List.follow(list, followed)
+ end
+ end)
+
+ json(conn, %{})
+ end
+
+ def remove_from_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
+ accounts
+ |> Enum.each(fn account_id ->
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ %User{} = followed <- Repo.get(Pleroma.User, account_id) do
+ Pleroma.List.unfollow(list, followed)
+ end
+ end)
+
+ json(conn, %{})
+ end
+
+ def list_accounts(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, users} = Pleroma.List.get_following(list) do
+ render(conn, AccountView, "accounts.json", %{users: users, as: :user})
+ end
+ end
+
+ def rename_list(%{assigns: %{user: user}} = conn, %{"id" => id, "title" => title}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, list} <- Pleroma.List.rename(list, title) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ else
+ _e ->
+ json(conn, "error")
+ end
+ end
+
+ def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do
+ with %Pleroma.List{title: title, following: following} <- Pleroma.List.get(id, user) do
+ params =
+ params
+ |> Map.put("type", "Create")
+ |> Map.put("blocking_user", user)
+
+ # we must filter the following list for the user to avoid leaking statuses the user
+ # does not actually have permission to see (for more info, peruse security issue #270).
+ following_to =
+ following
+ |> Enum.filter(fn x -> x in user.following end)
+
+ activities =
+ ActivityPub.fetch_activities_bounded(following_to, following, params)
+ |> Enum.reverse()
+
+ conn
+ |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
+ else
+ _e ->
+ conn
+ |> put_status(403)
+ |> json(%{error: "Error."})
+ end
+ end
+
+ def index(%{assigns: %{user: user}} = conn, _params) do
+ token =
+ conn
+ |> get_session(:oauth_token)
+
+ if user && token do
+ mastodon_emoji = mastodonized_emoji()
+
+ limit = Pleroma.Config.get([:instance, :limit])
+
+ accounts =
+ Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
+
+ initial_state =
+ %{
+ meta: %{
+ streaming_api_base_url:
+ String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
+ access_token: token,
+ locale: "en",
+ domain: Pleroma.Web.Endpoint.host(),
+ admin: "1",
+ me: "#{user.id}",
+ unfollow_modal: false,
+ boost_modal: false,
+ delete_modal: true,
+ auto_play_gif: false,
+ display_sensitive_media: false,
+ reduce_motion: false,
+ max_toot_chars: limit
+ },
+ rights: %{
+ delete_others_notice: !!user.info.is_moderator
+ },
+ compose: %{
+ me: "#{user.id}",
+ default_privacy: user.info.default_scope,
+ default_sensitive: false
+ },
+ media_attachments: %{
+ accept_content_types: [
+ ".jpg",
+ ".jpeg",
+ ".png",
+ ".gif",
+ ".webm",
+ ".mp4",
+ ".m4v",
+ "image\/jpeg",
+ "image\/png",
+ "image\/gif",
+ "video\/webm",
+ "video\/mp4"
+ ]
+ },
+ settings:
+ Map.get(user.info, :settings) ||
+ %{
+ onboarded: true,
+ home: %{
+ shows: %{
+ reblog: true,
+ reply: true
+ }
+ },
+ notifications: %{
+ alerts: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ },
+ shows: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ },
+ sounds: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ }
+ }
+ },
+ push_subscription: nil,
+ accounts: accounts,
+ custom_emojis: mastodon_emoji,
+ char_limit: limit
+ }
+ |> Jason.encode!()
+
+ conn
+ |> put_layout(false)
+ |> render(MastodonView, "index.html", %{initial_state: initial_state})
+ else
+ conn
+ |> redirect(to: "/web/login")
+ end
+ end
+
+ def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
+ with new_info <- Map.put(user.info, "settings", settings),
+ change <- User.info_changeset(user, %{info: new_info}),
+ {:ok, _user} <- User.update_and_set_cache(change) do
+ conn
+ |> json(%{})
+ else
+ e ->
+ conn
+ |> json(%{error: inspect(e)})
+ end
+ end
+
+ def login(conn, %{"code" => code}) do
+ with {:ok, app} <- get_or_make_app(),
+ %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id),
+ {:ok, token} <- Token.exchange_token(app, auth) do
+ conn
+ |> put_session(:oauth_token, token.token)
+ |> redirect(to: "/web/getting-started")
+ end
+ end
+
+ def login(conn, _) do
+ with {:ok, app} <- get_or_make_app() do
+ path =
+ o_auth_path(
+ conn,
+ :authorize,
+ response_type: "code",
+ client_id: app.client_id,
+ redirect_uri: ".",
+ scope: app.scopes
+ )
+
+ conn
+ |> redirect(to: path)
+ end
+ end
+
+ defp get_or_make_app() do
+ with %App{} = app <- Repo.get_by(App, client_name: "Mastodon-Local") do
+ {:ok, app}
+ else
+ _e ->
+ cs =
+ App.register_changeset(%App{}, %{
+ client_name: "Mastodon-Local",
+ redirect_uris: ".",
+ scopes: "read,write,follow"
+ })
+
+ Repo.insert(cs)
+ end
+ end
+
+ def logout(conn, _) do
+ conn
+ |> clear_session
+ |> redirect(to: "/")
+ end
+
+ def relationship_noop(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ Logger.debug("Unimplemented, returning unmodified relationship")
+
+ with %User{} = target <- Repo.get(User, id) do
+ render(conn, AccountView, "relationship.json", %{user: user, target: target})