Merge remote-tracking branch 'origin/develop' into global-status-expiration

[akkoma] / lib / pleroma / web / twitter_api / twitter_api_controller.ex

diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index 1c3b11a57174649ca4941bf4ad724198a0392869..0229aea975bba9bd2ca7adb23796bc00c4f57d2f 100644 (file)
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -1,29 +1,32 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.TwitterAPI.Controller do
   use Pleroma.Web, :controller
 
-  alias Ecto.Changeset
+  alias Pleroma.Notification
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.TwitterAPI.TokenView
 
   require Logger
 
+  plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
+
+  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
+
   action_fallback(:errors)
 
   def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
     with %User{} = user <- User.get_cached_by_id(uid),
-         true <- user.local,
-         true <- user.info.confirmation_pending,
-         true <- user.info.confirmation_token == token,
-         info_change <- User.Info.confirmation_changeset(user.info, need_confirmation: false),
-         changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
-         {:ok, _} <- User.update_and_set_cache(changeset) do
-      conn
-      |> redirect(to: "/")
+         true <- user.local and user.confirmation_pending and user.confirmation_token == token,
+         {:ok, _} <-
+           user
+           |> User.confirmation_changeset(need_confirmation: false)
+           |> User.update_and_set_cache() do
+      redirect(conn, to: "/")
     end
   end
 
@@ -58,4 +61,28 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
     |> put_resp_content_type("application/json")
     |> send_resp(status, json)
   end
+
+  def notifications_read(%{assigns: %{user: user}} = conn, %{"latest_id" => latest_id} = params) do
+    Notification.set_read_up_to(user, latest_id)
+
+    notifications = Notification.for_user(user, params)
+
+    conn
+    # XXX: This is a hack because pleroma-fe still uses that API.
+    |> put_view(Pleroma.Web.MastodonAPI.NotificationView)
+    |> render("index.json", %{notifications: notifications, for: user})
+  end
+
+  def notifications_read(%{assigns: %{user: _user}} = conn, _) do
+    bad_request_reply(conn, "You need to specify latest_id")
+  end
+
+  defp bad_request_reply(conn, error_message) do
+    json = error_json(conn, error_message)
+    json_reply(conn, 400, json)
+  end
+
+  defp error_json(conn, error_message) do
+    %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
+  end
 end