+ {:ok, _activity} <- ActivityPub.unfollow(follower, followed),
+ {:ok, follower, _} <- User.unfollow(follower, followed) do
+ render(conn, AccountView, "relationship.json", %{user: follower, target: followed})
+ end
+ end
+
+ def block(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
+ with %User{} = blocked <- Repo.get(User, id),
+ {:ok, blocker} <- User.block(blocker, blocked),
+ {:ok, _activity} <- ActivityPub.block(blocker, blocked) do
+ render(conn, AccountView, "relationship.json", %{user: blocker, target: blocked})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ def unblock(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do
+ with %User{} = blocked <- Repo.get(User, id),
+ {:ok, blocker} <- User.unblock(blocker, blocked),
+ {:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
+ render(conn, AccountView, "relationship.json", %{user: blocker, target: blocked})
+ else
+ {:error, message} ->
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{"error" => message}))
+ end
+ end
+
+ # TODO: Use proper query
+ def blocks(%{assigns: %{user: user}} = conn, _) do
+ with blocked_users <- user.info.blocks || [],
+ accounts <- Enum.map(blocked_users, fn ap_id -> User.get_cached_by_ap_id(ap_id) end) do
+ res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
+ json(conn, res)
+ end
+ end
+
+ def domain_blocks(%{assigns: %{user: %{info: info}}} = conn, _) do
+ json(conn, info.domain_blocks || [])
+ end
+
+ def block_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
+ User.block_domain(blocker, domain)
+ json(conn, %{})
+ end
+
+ def unblock_domain(%{assigns: %{user: blocker}} = conn, %{"domain" => domain}) do
+ User.unblock_domain(blocker, domain)
+ json(conn, %{})
+ end
+
+ def status_search(query) do
+ fetched =
+ if Regex.match?(~r/https?:/, query) do
+ with {:ok, object} <- Fetcher.fetch_object_from_id(query) do
+ [Activity.get_create_activity_by_object_ap_id(object.data["id"])]
+ else
+ _e -> []
+ end
+ end || []
+
+ q =
+ from(
+ a in Activity,
+ where: fragment("?->>'type' = 'Create'", a.data),
+ where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
+ where:
+ fragment(
+ "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
+ a.data,
+ ^query
+ ),
+ limit: 20,
+ order_by: [desc: :id]
+ )
+
+ Repo.all(q) ++ fetched
+ end
+
+ def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ statuses = status_search(query)
+
+ tags_path = Web.base_url() <> "/tag/"
+
+ tags =
+ String.split(query)
+ |> Enum.uniq()
+ |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+ |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+ |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end)
+
+ res = %{
+ "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+ "statuses" =>
+ StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+ "hashtags" => tags
+ }
+
+ json(conn, res)
+ end
+
+ def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ statuses = status_search(query)
+
+ tags =
+ String.split(query)
+ |> Enum.uniq()
+ |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+ |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+
+ res = %{
+ "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+ "statuses" =>
+ StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+ "hashtags" => tags
+ }
+
+ json(conn, res)
+ end
+
+ def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+ accounts = User.search(query, params["resolve"] == "true")
+
+ res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
+
+ json(conn, res)
+ end
+
+ def favourites(%{assigns: %{user: user}} = conn, _) do
+ params =
+ %{}
+ |> Map.put("type", "Create")
+ |> Map.put("favorited_by", user.ap_id)
+ |> Map.put("blocking_user", user)
+
+ activities =
+ ActivityPub.fetch_public_activities(params)
+ |> Enum.reverse()
+
+ conn
+ |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
+ end
+
+ def get_lists(%{assigns: %{user: user}} = conn, opts) do
+ lists = Pleroma.List.for_user(user, opts)
+ res = ListView.render("lists.json", lists: lists)
+ json(conn, res)
+ end
+
+ def get_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ else
+ _e -> json(conn, "error")
+ end
+ end
+
+ def account_lists(%{assigns: %{user: user}} = conn, %{"id" => account_id}) do
+ lists = Pleroma.List.get_lists_account_belongs(user, account_id)
+ res = ListView.render("lists.json", lists: lists)
+ json(conn, res)
+ end
+
+ def delete_list(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, _list} <- Pleroma.List.delete(list) do
+ json(conn, %{})
+ else
+ _e ->
+ json(conn, "error")
+ end
+ end
+
+ def create_list(%{assigns: %{user: user}} = conn, %{"title" => title}) do
+ with {:ok, %Pleroma.List{} = list} <- Pleroma.List.create(title, user) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ end
+ end
+
+ def add_to_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
+ accounts
+ |> Enum.each(fn account_id ->
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ %User{} = followed <- Repo.get(User, account_id) do
+ Pleroma.List.follow(list, followed)
+ end
+ end)
+
+ json(conn, %{})
+ end
+
+ def remove_from_list(%{assigns: %{user: user}} = conn, %{"id" => id, "account_ids" => accounts}) do
+ accounts
+ |> Enum.each(fn account_id ->
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ %User{} = followed <- Repo.get(Pleroma.User, account_id) do
+ Pleroma.List.unfollow(list, followed)
+ end
+ end)
+
+ json(conn, %{})
+ end
+
+ def list_accounts(%{assigns: %{user: user}} = conn, %{"id" => id}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, users} = Pleroma.List.get_following(list) do
+ render(conn, AccountView, "accounts.json", %{users: users, as: :user})
+ end
+ end
+
+ def rename_list(%{assigns: %{user: user}} = conn, %{"id" => id, "title" => title}) do
+ with %Pleroma.List{} = list <- Pleroma.List.get(id, user),
+ {:ok, list} <- Pleroma.List.rename(list, title) do
+ res = ListView.render("list.json", list: list)
+ json(conn, res)
+ else
+ _e ->
+ json(conn, "error")
+ end
+ end
+
+ def list_timeline(%{assigns: %{user: user}} = conn, %{"list_id" => id} = params) do
+ with %Pleroma.List{title: title, following: following} <- Pleroma.List.get(id, user) do
+ params =
+ params
+ |> Map.put("type", "Create")
+ |> Map.put("blocking_user", user)
+
+ # we must filter the following list for the user to avoid leaking statuses the user
+ # does not actually have permission to see (for more info, peruse security issue #270).
+ following_to =
+ following
+ |> Enum.filter(fn x -> x in user.following end)
+
+ activities =
+ ActivityPub.fetch_activities_bounded(following_to, following, params)
+ |> Enum.reverse()
+
+ conn
+ |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
+ else
+ _e ->
+ conn
+ |> put_status(403)
+ |> json(%{error: "Error."})
+ end
+ end
+
+ def index(%{assigns: %{user: user}} = conn, _params) do
+ token =
+ conn
+ |> get_session(:oauth_token)
+
+ if user && token do
+ mastodon_emoji = mastodonized_emoji()
+
+ limit = Pleroma.Config.get([:instance, :limit])
+
+ accounts =
+ Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
+
+ initial_state =
+ %{
+ meta: %{
+ streaming_api_base_url:
+ String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
+ access_token: token,
+ locale: "en",
+ domain: Pleroma.Web.Endpoint.host(),
+ admin: "1",
+ me: "#{user.id}",
+ unfollow_modal: false,
+ boost_modal: false,
+ delete_modal: true,
+ auto_play_gif: false,
+ display_sensitive_media: false,
+ reduce_motion: false,
+ max_toot_chars: limit
+ },
+ rights: %{
+ delete_others_notice: !!user.info.is_moderator
+ },
+ compose: %{
+ me: "#{user.id}",
+ default_privacy: user.info.default_scope,
+ default_sensitive: false
+ },
+ media_attachments: %{
+ accept_content_types: [
+ ".jpg",
+ ".jpeg",
+ ".png",
+ ".gif",
+ ".webm",
+ ".mp4",
+ ".m4v",
+ "image\/jpeg",
+ "image\/png",
+ "image\/gif",
+ "video\/webm",
+ "video\/mp4"
+ ]
+ },
+ settings:
+ Map.get(user.info, :settings) ||
+ %{
+ onboarded: true,
+ home: %{
+ shows: %{
+ reblog: true,
+ reply: true
+ }
+ },
+ notifications: %{
+ alerts: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ },
+ shows: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ },
+ sounds: %{
+ follow: true,
+ favourite: true,
+ reblog: true,
+ mention: true
+ }
+ }
+ },
+ push_subscription: nil,
+ accounts: accounts,
+ custom_emojis: mastodon_emoji,
+ char_limit: limit
+ }
+ |> Jason.encode!()
+
+ conn
+ |> put_layout(false)
+ |> render(MastodonView, "index.html", %{initial_state: initial_state})
+ else
+ conn
+ |> redirect(to: "/web/login")
+ end
+ end
+
+ def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
+ with new_info <- Map.put(user.info, "settings", settings),
+ change <- User.info_changeset(user, %{info: new_info}),
+ {:ok, _user} <- User.update_and_set_cache(change) do
+ conn
+ |> json(%{})
+ else
+ e ->
+ conn
+ |> json(%{error: inspect(e)})
+ end
+ end
+
+ def login(conn, %{"code" => code}) do
+ with {:ok, app} <- get_or_make_app(),
+ %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id),
+ {:ok, token} <- Token.exchange_token(app, auth) do
+ conn
+ |> put_session(:oauth_token, token.token)
+ |> redirect(to: "/web/getting-started")
+ end
+ end
+
+ def login(conn, _) do
+ with {:ok, app} <- get_or_make_app() do
+ path =
+ o_auth_path(
+ conn,
+ :authorize,
+ response_type: "code",
+ client_id: app.client_id,
+ redirect_uri: ".",
+ scope: app.scopes
+ )
+
+ conn
+ |> redirect(to: path)