X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fostatus%2Fostatus_controller.ex;h=9dfcf0f95a9f94a5d1bf9ff1d8503acd821b6fbf;hb=6786ad3d983a37728654fccfa525498c77683cdc;hp=a02f55fe6383b85ace1eedbafab0f70bd059adf4;hpb=b3d67750f04d7c72c3e1deeb6df573cbb195146a;p=akkoma
diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex
index a02f55fe6..9dfcf0f95 100644
--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@@ -1,45 +1,57 @@ defmodule Pleroma.Web.OStatus.OStatusController do use Pleroma.Web, :controller - alias Pleroma.{User, Activity} + alias Pleroma.{User, Activity, Object} alias Pleroma.Web.OStatus.{FeedRepresenter, ActivityRepresenter} alias Pleroma.Repo alias Pleroma.Web.{OStatus, Federator} alias Pleroma.Web.XML + alias Pleroma.Web.ActivityPub.ObjectView alias Pleroma.Web.ActivityPub.ActivityPubController alias Pleroma.Web.ActivityPub.ActivityPub - import Ecto.Query - def feed_redirect(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) + plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming]) + action_fallback(:errors) + def feed_redirect(conn, %{"nickname" => nickname}) do case get_format(conn) do - "html" -> Fallback.RedirectController.redirector(conn, nil) - "activity+json" -> ActivityPubController.user(conn, params) - _ -> redirect(conn, external: OStatus.feed_path(user)) + "html" -> + Fallback.RedirectController.redirector(conn, nil) + + "activity+json" -> + ActivityPubController.call(conn, :user) + + _ -> + with %User{} = user <- User.get_cached_by_nickname(nickname) do + redirect(conn, external: OStatus.feed_path(user)) + else + nil -> {:error, :not_found} + end end end def feed(conn, %{"nickname" => nickname} = params) do - user = User.get_cached_by_nickname(nickname) - - query_params = - Map.take(params, ["max_id"]) - |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) - - activities = - ActivityPub.fetch_public_activities(query_params) - |> Enum.reverse() - - response = - user - |> FeedRepresenter.to_simple_form(activities, [user]) - |> :xmerl.export_simple(:xmerl_xml) - |> to_string - - conn - |> put_resp_content_type("application/atom+xml") - |> send_resp(200, response) + with %User{} = user <- User.get_cached_by_nickname(nickname) do + query_params = + Map.take(params, ["max_id"]) + |> Map.merge(%{"whole_db" => true, "actor_id" => user.ap_id}) + + activities = + 
ActivityPub.fetch_public_activities(query_params) + |> Enum.reverse() + + response = + user + |> FeedRepresenter.to_simple_form(activities, [user]) + |> :xmerl.export_simple(:xmerl_xml) + |> to_string + + conn + |> put_resp_content_type("application/atom+xml") + |> send_resp(200, response) + else + nil -> {:error, :not_found} + end end defp decode_or_retry(body) do 
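Review bot: The new `plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])` line gates only the inbound salmon endpoint, so `feed_redirect` and `feed` in this hunk, and `object`, `activity` and `notice` in the next one, are still served without that plug. FederatingPlug's body is not on this page, so this may be intended, but if the plug is what enforces a federation-off setting, the outbound Atom and ActivityPub representations arguably belong behind it too. Either widen the action list or add a one-line comment above the plug saying why only inbound salmon is gated. Separately, both new `with` blocks handle only `nil` in `else`, so any other non-matching return from `User.get_cached_by_nickname/1` raises `WithClauseError` instead of reaching `errors/2`; `_ -> {:error, :not_found}` is the safer clause.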
@@ -69,51 +81,96 @@ defmodule Pleroma.Web.OStatus.OStatusController do |> send_resp(200, "") end - # TODO: Data leak - def object(conn, %{"uuid" => uuid} = params) do + def object(conn, %{"uuid" => uuid}) do if get_format(conn) == "activity+json" do - ActivityPubController.object(conn, params) + ActivityPubController.call(conn, :object) else with id <- o_status_url(conn, :object, uuid), - %Activity{} = activity <- Activity.get_create_activity_by_object_ap_id(id), + {_, %Activity{} = activity} <- + {:activity, Activity.get_create_activity_by_object_ap_id(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do case get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + _ -> represent_activity(conn, nil, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end end - # TODO: Data leak def activity(conn, %{"uuid" => uuid}) do with id <- o_status_url(conn, :activity, uuid), - %Activity{} = activity <- Activity.get_by_ap_id(id), + {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do + case format = get_format(conn) do "html" -> redirect(conn, to: "/notice/#{activity.id}") - _ -> represent_activity(conn, activity, user) + _ -> represent_activity(conn, format, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end - # TODO: Data leak def notice(conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with {_, %Activity{} = activity} <- {:activity, Repo.get(Activity, id)}, + {_, true} <- {:public?, ActivityPub.is_public?(activity)}, %User{} = user <- 
User.get_cached_by_ap_id(activity.data["actor"]) do - case get_format(conn) do + case format = get_format(conn) do "html" -> conn |> put_resp_content_type("text/html") - |> send_file(200, "priv/static/index.html") + |> send_file(200, Application.app_dir(:pleroma, "priv/static/index.html")) _ -> - represent_activity(conn, activity, user) + represent_activity(conn, format, activity, user) end + else + {:public?, false} -> + {:error, :not_found} + + {:activity, nil} -> + {:error, :not_found} + + e -> + e end end - defp represent_activity(conn, activity, user) do + defp represent_activity( + conn, + "activity+json", + %Activity{data: %{"type" => "Create"}} = activity, + _user + ) do + object = Object.normalize(activity.data["object"]) + + conn + |> put_resp_header("content-type", "application/activity+json") + |> json(ObjectView.render("object.json", %{object: object})) + end + + defp represent_activity(_conn, "activity+json", _, _) do + {:error, :not_found} + end + + defp represent_activity(conn, _, activity, user) do response = activity |> ActivityRepresenter.to_simple_form(user, true) @@ -125,4 +182,16 @@ defmodule Pleroma.Web.OStatus.OStatusController do |> put_resp_content_type("application/atom+xml") |> send_resp(200, response) end + + def errors(conn, {:error, :not_found}) do + conn + |> put_status(404) + |> text("Not found") + end + + def errors(conn, _) do + conn + |> put_status(500) + |> text("Something went wrong") + end end
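Review bot: In `object`, `activity` and `notice` the catch-all `e -> e` forwards a `nil` from `User.get_cached_by_ap_id(activity.data["actor"])` to the action fallback, where only `{:error, :not_found}` maps to 404 and everything else becomes a 500. A public activity whose actor is not cached therefore answers differently from a missing or non-public one. Tagging that step like the other two, `{_, %User{} = user} <- {:user, User.get_cached_by_ap_id(activity.data["actor"])}` with `{:user, nil} -> {:error, :not_found}`, keeps the outcomes indistinguishable to the client. The `"activity+json"` clause of `represent_activity/4` also hands the result of `Object.normalize(activity.data["object"])` straight to `ObjectView.render/2`; if that call can return `nil` (its body is not shown here), it needs a guard returning `{:error, :not_found}`. The last `represent_activity/4` clause continues past the end of this hunk.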
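Review bot: The catch-all `errors(conn, _)` clause discards the value it was handed, so every unexpected fall-through from the `with` blocks above becomes a bare 500 with nothing in the logs to say which step failed. Bind the argument and log it before responding, e.g. `Logger.error("OStatusController fallback: #{inspect(reason)}")`, with `require Logger` added at the top of the module. Because `errors/2` is declared with `def`, a short comment or `@doc false` noting that it is the `action_fallback` target and not a routable action would also help.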