# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.TwitterAPI.Controller do
use Pleroma.Web, :controller
- alias Ecto.Changeset
+ alias Pleroma.Notification
+ alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
+ alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
alias Pleroma.Web.OAuth.Token
alias Pleroma.Web.TwitterAPI.TokenView
require Logger
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
+ )
+
+ plug(
+ :skip_plug,
+ [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirm_email
+ )
+
+ plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])
+
action_fallback(:errors)
def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
with %User{} = user <- User.get_cached_by_id(uid),
- true <- user.local,
- true <- user.info.confirmation_pending,
- true <- user.info.confirmation_token == token,
- info_change <- User.Info.confirmation_changeset(user.info, need_confirmation: false),
- changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
- {:ok, _} <- User.update_and_set_cache(changeset) do
- conn
- |> redirect(to: "/")
+ true <- user.local and user.confirmation_pending and user.confirmation_token == token,
+ {:ok, _} <-
+ user
+ |> User.confirmation_changeset(need_confirmation: false)
+ |> User.update_and_set_cache() do
+ redirect(conn, to: "/")
end
end
json_reply(conn, 201, "")
end
- def errors(conn, {:param_cast, _}) do
+ defp errors(conn, {:param_cast, _}) do
conn
|> put_status(400)
|> json("Invalid parameters")
end
- def errors(conn, _) do
+ defp errors(conn, _) do
conn
|> put_status(500)
|> json("Something went wrong")
|> put_resp_content_type("application/json")
|> send_resp(status, json)
end
+
+ def mark_notifications_as_read(
+ %{assigns: %{user: user}} = conn,
+ %{"latest_id" => latest_id} = params
+ ) do
+ Notification.set_read_up_to(user, latest_id)
+
+ notifications = Notification.for_user(user, params)
+
+ conn
+ # XXX: This is a hack because pleroma-fe still uses that API.
+ |> put_view(Pleroma.Web.MastodonAPI.NotificationView)
+ |> render("index.json", %{notifications: notifications, for: user})
+ end
+
+ def mark_notifications_as_read(%{assigns: %{user: _user}} = conn, _) do
+ bad_request_reply(conn, "You need to specify latest_id")
+ end
+
+ defp bad_request_reply(conn, error_message) do
+ json = error_json(conn, error_message)
+ json_reply(conn, 400, json)
+ end
+
+ defp error_json(conn, error_message) do
+ %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
+ end
end