Merge branch 'develop' into feature/store-statuses-data-inside-flag

[akkoma] / lib / pleroma / web / masto_fe_controller.ex

diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index ac9af7502a324609916d6cbf6f6172da73ab3142..ca261ad6ed96a944822cc130e8bb6769a37ee407 100644 (file)
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -5,8 +5,20 @@
 defmodule Pleroma.Web.MastoFEController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
 
+  plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
+
+  # Note: :index action handles attempt of unauthenticated access to private instance with redirect
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read"], fallback: :proceed_unauthenticated, skip_instance_privacy_check: true}
+    when action == :index
+  )
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
+
   @doc "GET /web/*path"
   def index(%{assigns: %{user: user}} = conn, _params) do
     token = get_session(conn, :oauth_token)
@@ -22,9 +34,15 @@ defmodule Pleroma.Web.MastoFEController do
     end
   end
 
+  @doc "GET /web/manifest.json"
+  def manifest(conn, _params) do
+    conn
+    |> render("manifest.json")
+  end
+
   @doc "PUT /api/web/settings"
   def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
-    with {:ok, _} <- User.update_info(user, &User.Info.mastodon_settings_update(&1, settings)) do
+    with {:ok, _} <- User.mastodon_settings_update(user, settings) do
       json(conn, %{})
     else
       e ->