+ plug(
+ OpenApiSpex.Plug.PutApiSpec,
+ [module: Pleroma.Web.ApiSpec] when action == :confirmation_resend
+ )
+
+ plug(Pleroma.Web.ApiSpec.CastAndValidate)
+
+ plug(
+ :skip_plug,
+ [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirmation_resend
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["follow", "write:follows"]} when action in [:subscribe, :unsubscribe]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:accounts"]}
+ # Note: the following actions are not permission-secured in Mastodon:
+ when action in [
+ :update_avatar,
+ :update_banner,
+ :update_background
+ ]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:favourites"], fallback: :proceed_unauthenticated} when action == :favourites
+ )
+
+ plug(RateLimiter, [name: :account_confirmation_resend] when action == :confirmation_resend)
+