X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Frouter.ex;h=1316d7f98f755da3ecff24e4f299b8d47dce44d5;hb=4ad843fb9df838f36c014ddfb76d7107ba2b5c7b;hp=dd1985d6ee1b91a16e0c88517f0edc9fa1e49f27;hpb=ef318fb8a96ddf276393f4ec81d3242dd7c6a4d4;p=akkoma diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index dd1985d6e..1316d7f98 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -1,3 +1,7 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.Router do use Pleroma.Web, :router @@ -38,6 +42,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.AdminSecretAuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug) @@ -69,6 +74,18 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.EnsureUserKeyPlug) end + pipeline :oauth_read do + plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["read"]}) + end + + pipeline :oauth_write do + plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["write"]}) + end + + pipeline :oauth_follow do + plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["follow"]}) + end + pipeline :well_known do plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"]) end @@ -102,6 +119,11 @@ defmodule Pleroma.Web.Router do get("/captcha", UtilController, :captcha) end + scope "/api/pleroma", Pleroma.Web do + pipe_through(:pleroma_api) + post("/uploader_callback/:upload_path", UploaderController, :callback) + end + scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do pipe_through(:admin_api) delete("/user", AdminAPIController, :user_delete) @@ -132,6 +154,7 @@ defmodule Pleroma.Web.Router do scope "/api/pleroma", Pleroma.Web.TwitterAPI do pipe_through(:authenticated_api) + post("/blocks_import", UtilController, :blocks_import) post("/follow_import", UtilController, :follow_import) post("/change_password", UtilController, :change_password) post("/delete_account", UtilController, :delete_account) @@ -174,6 +197,7 @@ defmodule Pleroma.Web.Router do get("/timelines/direct", MastodonAPIController, :dm_timeline) get("/favourites", MastodonAPIController, :favourites) + get("/bookmarks", MastodonAPIController, :bookmarks) post("/statuses", MastodonAPIController, :post_status) delete("/statuses/:id", MastodonAPIController, :delete_status) @@ -182,6 +206,10 @@ defmodule Pleroma.Web.Router do post("/statuses/:id/unreblog", MastodonAPIController, :unreblog_status) post("/statuses/:id/favourite", MastodonAPIController, :fav_status) post("/statuses/:id/unfavourite", MastodonAPIController, :unfav_status) + post("/statuses/:id/pin", MastodonAPIController, :pin_status) + post("/statuses/:id/unpin", MastodonAPIController, :unpin_status) + post("/statuses/:id/bookmark", MastodonAPIController, :bookmark_status) + post("/statuses/:id/unbookmark", MastodonAPIController, :unbookmark_status) post("/notifications/clear", MastodonAPIController, :clear_notifications) post("/notifications/dismiss", MastodonAPIController, :dismiss_notification) @@ -239,7 +267,7 @@ defmodule Pleroma.Web.Router do get("/statuses/:id", MastodonAPIController, :get_status) get("/statuses/:id/context", MastodonAPIController, :get_context) - get("/statuses/:id/card", MastodonAPIController, :empty_object) + get("/statuses/:id/card", MastodonAPIController, :status_card) get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by) get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by) @@ -265,6 +293,7 @@ defmodule Pleroma.Web.Router do post("/help/test", TwitterAPI.UtilController, :help_test) get("/statusnet/config", TwitterAPI.UtilController, :config) get("/statusnet/version", TwitterAPI.UtilController, :version) + get("/pleroma/frontend_configurations", TwitterAPI.UtilController, :frontend_configurations) end scope "/api", Pleroma.Web do @@ -276,12 +305,22 @@ defmodule Pleroma.Web.Router do get("/statuses/followers", TwitterAPI.Controller, :followers) get("/statuses/friends", TwitterAPI.Controller, :friends) + get("/statuses/blocks", TwitterAPI.Controller, :blocks) get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status) get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) post("/account/register", TwitterAPI.Controller, :register) post("/account/password_reset", TwitterAPI.Controller, :password_reset) + get( + "/account/confirm_email/:user_id/:token", + TwitterAPI.Controller, + :confirm_email, + as: :confirm_email + ) + + post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email) + get("/search", TwitterAPI.Controller, :search) get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) end @@ -311,52 +350,67 @@ defmodule Pleroma.Web.Router do get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) post("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) - post("/account/update_profile", TwitterAPI.Controller, :update_profile) - post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner) - post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background) + scope [] do + pipe_through(:oauth_read) - get("/statuses/home_timeline", TwitterAPI.Controller, :friends_timeline) - get("/statuses/friends_timeline", TwitterAPI.Controller, :friends_timeline) - get("/statuses/mentions", TwitterAPI.Controller, :mentions_timeline) - get("/statuses/mentions_timeline", TwitterAPI.Controller, :mentions_timeline) - get("/statuses/dm_timeline", TwitterAPI.Controller, :dm_timeline) - get("/qvitter/statuses/notifications", TwitterAPI.Controller, :notifications) + get("/statuses/home_timeline", TwitterAPI.Controller, :friends_timeline) + get("/statuses/friends_timeline", TwitterAPI.Controller, :friends_timeline) + get("/statuses/mentions", TwitterAPI.Controller, :mentions_timeline) + get("/statuses/mentions_timeline", TwitterAPI.Controller, :mentions_timeline) + get("/statuses/dm_timeline", TwitterAPI.Controller, :dm_timeline) + get("/qvitter/statuses/notifications", TwitterAPI.Controller, :notifications) - # XXX: this is really a pleroma API, but we want to keep the pleroma namespace clean - # for now. - post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read) + get("/pleroma/friend_requests", TwitterAPI.Controller, :friend_requests) - post("/statuses/update", TwitterAPI.Controller, :status_update) - post("/statuses/retweet/:id", TwitterAPI.Controller, :retweet) - post("/statuses/unretweet/:id", TwitterAPI.Controller, :unretweet) - post("/statuses/destroy/:id", TwitterAPI.Controller, :delete_post) + get("/friends/ids", TwitterAPI.Controller, :friends_ids) + get("/friendships/no_retweets/ids", TwitterAPI.Controller, :empty_array) - get("/pleroma/friend_requests", TwitterAPI.Controller, :friend_requests) - post("/pleroma/friendships/approve", TwitterAPI.Controller, :approve_friend_request) - post("/pleroma/friendships/deny", TwitterAPI.Controller, :deny_friend_request) + get("/mutes/users/ids", TwitterAPI.Controller, :empty_array) + get("/qvitter/mutes", TwitterAPI.Controller, :raw_empty_array) - post("/friendships/create", TwitterAPI.Controller, :follow) - post("/friendships/destroy", TwitterAPI.Controller, :unfollow) - post("/blocks/create", TwitterAPI.Controller, :block) - post("/blocks/destroy", TwitterAPI.Controller, :unblock) + get("/externalprofile/show", TwitterAPI.Controller, :external_profile) - post("/statusnet/media/upload", TwitterAPI.Controller, :upload) - post("/media/upload", TwitterAPI.Controller, :upload_json) - post("/media/metadata/create", TwitterAPI.Controller, :update_media) + post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read) + end + + scope [] do + pipe_through(:oauth_write) + + post("/account/update_profile", TwitterAPI.Controller, :update_profile) + post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner) + post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background) + + post("/statuses/update", TwitterAPI.Controller, :status_update) + post("/statuses/retweet/:id", TwitterAPI.Controller, :retweet) + post("/statuses/unretweet/:id", TwitterAPI.Controller, :unretweet) + post("/statuses/destroy/:id", TwitterAPI.Controller, :delete_post) + + post("/statuses/pin/:id", TwitterAPI.Controller, :pin) + post("/statuses/unpin/:id", TwitterAPI.Controller, :unpin) + + post("/statusnet/media/upload", TwitterAPI.Controller, :upload) + post("/media/upload", TwitterAPI.Controller, :upload_json) + post("/media/metadata/create", TwitterAPI.Controller, :update_media) + + post("/favorites/create/:id", TwitterAPI.Controller, :favorite) + post("/favorites/create", TwitterAPI.Controller, :favorite) + post("/favorites/destroy/:id", TwitterAPI.Controller, :unfavorite) - post("/favorites/create/:id", TwitterAPI.Controller, :favorite) - post("/favorites/create", TwitterAPI.Controller, :favorite) - post("/favorites/destroy/:id", TwitterAPI.Controller, :unfavorite) + post("/qvitter/update_avatar", TwitterAPI.Controller, :update_avatar) + end - post("/qvitter/update_avatar", TwitterAPI.Controller, :update_avatar) + scope [] do + pipe_through(:oauth_follow) - get("/friends/ids", TwitterAPI.Controller, :friends_ids) - get("/friendships/no_retweets/ids", TwitterAPI.Controller, :empty_array) + post("/pleroma/friendships/approve", TwitterAPI.Controller, :approve_friend_request) + post("/pleroma/friendships/deny", TwitterAPI.Controller, :deny_friend_request) - get("/mutes/users/ids", TwitterAPI.Controller, :empty_array) - get("/qvitter/mutes", TwitterAPI.Controller, :raw_empty_array) + post("/friendships/create", TwitterAPI.Controller, :follow) + post("/friendships/destroy", TwitterAPI.Controller, :unfollow) - get("/externalprofile/show", TwitterAPI.Controller, :external_profile) + post("/blocks/create", TwitterAPI.Controller, :block) + post("/blocks/destroy", TwitterAPI.Controller, :unblock) + end end pipeline :ap_relay do @@ -364,7 +418,11 @@ defmodule Pleroma.Web.Router do end pipeline :ostatus do - plug(:accepts, ["xml", "atom", "html", "activity+json"]) + plug(:accepts, ["html", "xml", "atom", "activity+json"]) + end + + pipeline :oembed do + plug(:accepts, ["json", "xml"]) end scope "/", Pleroma.Web do @@ -382,6 +440,12 @@ defmodule Pleroma.Web.Router do post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming) end + scope "/", Pleroma.Web do + pipe_through(:oembed) + + get("/oembed", OEmbed.OEmbedController, :url) + end + pipeline :activitypub do plug(:accepts, ["activity+json"]) plug(Pleroma.Web.Plugs.HTTPSignaturePlug) @@ -394,6 +458,29 @@ defmodule Pleroma.Web.Router do get("/users/:nickname/followers", ActivityPubController, :followers) get("/users/:nickname/following", ActivityPubController, :following) get("/users/:nickname/outbox", ActivityPubController, :outbox) + get("/objects/:uuid/likes", ActivityPubController, :object_likes) + end + + pipeline :activitypub_client do + plug(:accepts, ["activity+json"]) + plug(:fetch_session) + plug(Pleroma.Plugs.OAuthPlug) + plug(Pleroma.Plugs.BasicAuthDecoderPlug) + plug(Pleroma.Plugs.UserFetcherPlug) + plug(Pleroma.Plugs.SessionAuthenticationPlug) + plug(Pleroma.Plugs.LegacyAuthenticationPlug) + plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.UserEnabledPlug) + plug(Pleroma.Plugs.SetUserSessionIdPlug) + plug(Pleroma.Plugs.EnsureUserKeyPlug) + end + + scope "/", Pleroma.Web.ActivityPub do + pipe_through([:activitypub_client]) + + get("/api/ap/whoami", ActivityPubController, :whoami) + get("/users/:nickname/inbox", ActivityPubController, :read_inbox) + post("/users/:nickname/outbox", ActivityPubController, :update_outbox) end scope "/relay", Pleroma.Web.ActivityPub do @@ -447,6 +534,7 @@ defmodule Pleroma.Web.Router do scope "/", Fallback do get("/registration/:token", RedirectController, :registration_page) + get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta) get("/*path", RedirectController, :redirector) options("/*path", RedirectController, :empty) @@ -455,11 +543,36 @@ end defmodule Fallback.RedirectController do use Pleroma.Web, :controller + alias Pleroma.Web.Metadata + alias Pleroma.User + + def redirector(conn, _params, code \\ 200) do + conn + |> put_resp_content_type("text/html") + |> send_file(code, index_file_path()) + end + + def redirector_with_meta(conn, %{"maybe_nickname_or_id" => maybe_nickname_or_id} = params) do + with %User{} = user <- User.get_cached_by_nickname_or_id(maybe_nickname_or_id) do + redirector_with_meta(conn, %{user: user}) + else + nil -> + redirector(conn, params) + end + end + + def redirector_with_meta(conn, params) do + {:ok, index_content} = File.read(index_file_path()) + tags = Metadata.build_tags(params) + response = String.replace(index_content, "", tags) - def redirector(conn, _params) do conn |> put_resp_content_type("text/html") - |> send_file(200, Pleroma.Plugs.InstanceStatic.file_path("index.html")) + |> send_resp(200, response) + end + + def index_file_path do + Pleroma.Plugs.InstanceStatic.file_path("index.html") end def registration_page(conn, params) do