X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fostatus%2Fostatus_controller.ex;h=00bffbd5da253f2b74ed5cbb82c26045a0f1a469;hb=5469fb9561bb886deb8434e545dfb711eb20f341;hp=f39ebaf2b5f92d0701e4f6efae1d0b0d1ec45db0;hpb=6c2903d9a175cfbf3785d5c1a43e6fcac6b0e9f5;p=akkoma

diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex
index f39ebaf2b..00bffbd5d 100644
--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@@ -9,36 +9,47 @@ defmodule Pleroma.Web.OStatus.OStatusController do
   alias Pleroma.Web.ActivityPub.ActivityPubController
   alias Pleroma.Web.ActivityPub.ActivityPub
 
-  def feed_redirect(conn, %{"nickname" => nickname} = params) do
-    user = User.get_cached_by_nickname(nickname)
+  action_fallback(:errors)
 
+  def feed_redirect(conn, %{"nickname" => nickname}) do
     case get_format(conn) do
-      "html" -> Fallback.RedirectController.redirector(conn, nil)
-      "activity+json" -> ActivityPubController.user(conn, params)
-      _ -> redirect(conn, external: OStatus.feed_path(user))
+      "html" ->
+        Fallback.RedirectController.redirector(conn, nil)
+
+      "activity+json" ->
+        ActivityPubController.call(conn, :user)
+
+      _ ->
+        with %User{} = user <- User.get_cached_by_nickname(nickname) do
+          redirect(conn, external: OStatus.feed_path(user))
+        else
+          nil -> {:error, :not_found}
+        end
     end
   end
 
   def feed(conn, %{"nickname" => nickname} = params) do
-    user = User.get_cached_by_nickname(nickname)
-
-    query_params =
-      Map.take(params, ["max_id"])
-      |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id})
-
-    activities =
-      ActivityPub.fetch_public_activities(query_params)
-      |> Enum.reverse()
-
-    response =
-      user
-      |> FeedRepresenter.to_simple_form(activities, [user])
-      |> :xmerl.export_simple(:xmerl_xml)
-      |> to_string
-
-    conn
-    |> put_resp_content_type("application/atom+xml")
-    |> send_resp(200, response)
+    with %User{} = user <- User.get_cached_by_nickname(nickname) do
+      query_params =
+        Map.take(params, ["max_id"])
+        |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id})
+
+      activities =
+        ActivityPub.fetch_public_activities(query_params)
+        |> Enum.reverse()
+
+      response =
+        user
+        |> FeedRepresenter.to_simple_form(activities, [user])
+        |> :xmerl.export_simple(:xmerl_xml)
+        |> to_string
+
+      conn
+      |> put_resp_content_type("application/atom+xml")
+      |> send_resp(200, response)
+    else
+      nil -> {:error, :not_found}
+    end
   end
 
   defp decode_or_retry(body) do
@@ -68,37 +79,56 @@ defmodule Pleroma.Web.OStatus.OStatusController do
     |> send_resp(200, "")
   end
 
-  # TODO: Data leak
-  def object(conn, %{"uuid" => uuid} = params) do
+  def object(conn, %{"uuid" => uuid}) do
     if get_format(conn) == "activity+json" do
-      ActivityPubController.object(conn, params)
+      ActivityPubController.call(conn, :object)
     else
       with id <- o_status_url(conn, :object, uuid),
-           %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id),
+           {_, %Activity{} = activity} <-
+             {:activity, Activity.get_create_activity_by_object_ap_id(id)},
+           {_, true} <- {:public?, ActivityPub.is_public?(activity)},
            %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
         case get_format(conn) do
           "html" -> redirect(conn, to: "/notice/#{activity.id}")
           _ -> represent_activity(conn, activity, user)
         end
+      else
+        {:public?, false} ->
+          {:error, :not_found}
+
+        {:activity, nil} ->
+          {:error, :not_found}
+
+        e ->
+          e
       end
     end
   end
 
-  # TODO: Data leak
   def activity(conn, %{"uuid" => uuid}) do
     with id <- o_status_url(conn, :activity, uuid),
-         %Activity{} = activity <- Activity.get_by_ap_id(id),
+         {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
+         {_, true} <- {:public?, ActivityPub.is_public?(activity)},
          %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
       case get_format(conn) do
         "html" -> redirect(conn, to: "/notice/#{activity.id}")
         _ -> represent_activity(conn, activity, user)
       end
+    else
+      {:public?, false} ->
+        {:error, :not_found}
+
+      {:activity, nil} ->
+        {:error, :not_found}
+
+      e ->
+        e
     end
   end
 
-  # TODO: Data leak
   def notice(conn, %{"id" => id}) do
-    with %Activity{} = activity <- Repo.get(Activity, id),
+    with {_, %Activity{} = activity} <- {:activity, Repo.get(Activity, id)},
+         {_, true} <- {:public?, ActivityPub.is_public?(activity)},
          %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
       case get_format(conn) do
         "html" ->
@@ -109,6 +139,15 @@ defmodule Pleroma.Web.OStatus.OStatusController do
         _ ->
           represent_activity(conn, activity, user)
       end
+    else
+      {:public?, false} ->
+        {:error, :not_found}
+
+      {:activity, nil} ->
+        {:error, :not_found}
+
+      e ->
+        e
     end
   end
 
@@ -124,4 +163,16 @@ defmodule Pleroma.Web.OStatus.OStatusController do
     |> put_resp_content_type("application/atom+xml")
     |> send_resp(200, response)
   end
+
+  def errors(conn, {:error, :not_found}) do
+    conn
+    |> put_status(404)
+    |> text("Not found")
+  end
+
+  def errors(conn, _) do
+    conn
+    |> put_status(500)
+    |> text("Something went wrong")
+  end
 end