X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmastodon_api%2Fmastodon_api_controller.ex;h=9a470c36442f1f8e1a94a8ee7f2d30c7ea55d019;hb=e69faf550cd14cfee8f56f050a2a544b7450367c;hp=b930b002e55a135a0ed7646165dd1c29e6d3f8fb;hpb=d571a571fe969821923ea26c874c7cd77eec5465;p=akkoma diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index b930b002e..9a470c364 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI alias Pleroma.Web.OAuth.{Authorization, Token, App} + alias Pleroma.Web.MediaProxy alias Comeonin.Pbkdf2 import Ecto.Query require Logger @@ -97,7 +98,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do CommonAPI.update(user) end - json(conn, AccountView.render("account.json", %{user: user})) + json(conn, AccountView.render("account.json", %{user: user, for: user})) else _e -> conn @@ -107,13 +108,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def verify_credentials(%{assigns: %{user: user}} = conn, _) do - account = AccountView.render("account.json", %{user: user}) + account = AccountView.render("account.json", %{user: user, for: user}) json(conn, account) end - def user(conn, %{"id" => id}) do + def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do with %User{} = user <- Repo.get(User, id) do - account = AccountView.render("account.json", %{user: user}) + account = AccountView.render("account.json", %{user: user, for: for_user}) json(conn, account) else _e -> @@ -124,7 +125,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end @instance Application.get_env(:pleroma, :instance) - @mastodon_api_level "2.4.3" + @mastodon_api_level "2.5.0" def masto_instance(conn, _params) do response = %{ @@ -440,7 +441,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do new_data = %{object.data | "name" => description} change = Object.change(object, %{data: new_data}) - {:ok, media_obj} = Repo.update(change) + {:ok, _} = Repo.update(change) data = new_data @@ -573,7 +574,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do with %User{} = followed <- Repo.get(User, id), {:ok, follower} <- User.maybe_direct_follow(follower, followed), - {:ok, _activity} <- ActivityPub.follow(follower, followed) do + {:ok, _activity} <- ActivityPub.follow(follower, followed), + {:ok, follower, followed} <- User.wait_and_refresh(500, follower, followed) do render(conn, AccountView, "relationship.json", %{user: follower, target: followed}) else {:error, message} -> @@ -587,7 +589,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do with %User{} = followed <- Repo.get_by(User, nickname: uri), {:ok, follower} <- User.maybe_direct_follow(follower, followed), {:ok, _activity} <- ActivityPub.follow(follower, followed) do - render(conn, AccountView, "account.json", %{user: followed}) + render(conn, AccountView, "account.json", %{user: followed, for: follower}) else {:error, message} -> conn @@ -653,9 +655,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end - def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true") - + def status_search(query) do fetched = if Regex.match?(~r/https?:/, query) do with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do @@ -680,7 +680,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do order_by: [desc: :id] ) - statuses = Repo.all(q) ++ fetched + Repo.all(q) ++ fetched + end + + def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do + accounts = User.search(query, params["resolve"] == "true") + + statuses = status_search(query) tags_path = Web.base_url() <> "/tag/" @@ -704,31 +710,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") - fetched = - if Regex.match?(~r/https?:/, query) do - with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do - [Activity.get_create_activity_by_object_ap_id(object.data["id"])] - else - _e -> [] - end - end || [] - - q = - from( - a in Activity, - where: fragment("?->>'type' = 'Create'", a.data), - where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, - where: - fragment( - "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", - a.data, - ^query - ), - limit: 20, - order_by: [desc: :id] - ) - - statuses = Repo.all(q) ++ fetched + statuses = status_search(query) tags = String.split(query) @@ -850,9 +832,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Map.put("type", "Create") |> Map.put("blocking_user", user) - # adding title is a hack to not make empty lists function like a public timeline + # we must filter the following list for the user to avoid leaking statuses the user + # does not actually have permission to see (for more info, peruse security issue #270). + following_to = + following + |> Enum.filter(fn x -> x in user.following end) + activities = - ActivityPub.fetch_activities([title | following], params) + ActivityPub.fetch_activities_bounded(following_to, following, params) |> Enum.reverse() conn @@ -872,7 +859,9 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if user && token do mastodon_emoji = mastodonized_emoji() - accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user})) + + accounts = + Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user})) initial_state = %{ @@ -1044,13 +1033,15 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do NaiveDateTime.to_iso8601(created_at) |> String.replace(~r/(\.\d+)?$/, ".000Z", global: false) + id = id |> to_string + case activity.data["type"] do "Create" -> %{ id: id, type: "mention", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: activity, for: user}) } @@ -1061,7 +1052,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "favourite", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: liked_activity, for: user}) } @@ -1072,7 +1063,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "reblog", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}), + account: AccountView.render("account.json", %{user: actor, for: user}), status: StatusView.render("status.json", %{activity: announced_activity, for: user}) } @@ -1081,7 +1072,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do id: id, type: "follow", created_at: created_at, - account: AccountView.render("account.json", %{user: actor}) + account: AccountView.render("account.json", %{user: actor, for: user}) } _ -> @@ -1089,7 +1080,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end - def get_filters(%{assigns: %{user: user}} = conn, params) do + def get_filters(%{assigns: %{user: user}} = conn, _) do filters = Pleroma.Filter.get_filters(user) res = FilterView.render("filters.json", filters: filters) json(conn, res) @@ -1113,7 +1104,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, res) end - def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do filter = Pleroma.Filter.get(filter_id, user) res = FilterView.render("filter.json", filter: filter) json(conn, res) @@ -1138,13 +1129,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, res) end - def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do query = %Pleroma.Filter{ user_id: user.id, filter_id: filter_id } - {:ok, response} = Pleroma.Filter.delete(query) + {:ok, _} = Pleroma.Filter.delete(query) json(conn, %{}) end @@ -1160,6 +1151,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do if Keyword.get(@suggestions, :enabled, false) do api = Keyword.get(@suggestions, :third_party_engine, "") timeout = Keyword.get(@suggestions, :timeout, 5000) + limit = Keyword.get(@suggestions, :limit, 23) host = Application.get_env(:pleroma, Pleroma.Web.Endpoint) @@ -1173,7 +1165,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do @httpoison.get(url, [], timeout: timeout, recv_timeout: timeout), {:ok, data} <- Jason.decode(body) do data2 = - Enum.slice(data, 0, 40) + Enum.slice(data, 0, limit) |> Enum.map(fn x -> Map.put( x, @@ -1184,6 +1176,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end ) end) + |> Enum.map(fn x -> + Map.put(x, "avatar", MediaProxy.url(x["avatar"])) + end) + |> Enum.map(fn x -> + Map.put(x, "avatar_static", MediaProxy.url(x["avatar_static"])) + end) conn |> json(data2)