X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Frouter.ex;h=3b1fd46a564140234e8e1b71e1a24994131e89f4;hb=9cc98b496ee378a2d6459b080e1d0067ac216911;hp=4ece311d3ef12d24f90d30a2a6ba7497dc08c1f9;hpb=a337bd114c3cbbb8e8270ec56a012e82f84df808;p=akkoma diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 4ece311d3..3b1fd46a5 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -74,16 +74,27 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.EnsureUserKeyPlug) end + pipeline :oauth_read_or_unauthenticated do + plug(Pleroma.Plugs.OAuthScopesPlug, %{ + scopes: ["read"], + fallback: :proceed_unauthenticated + }) + end + pipeline :oauth_read do - plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["read"]}) + plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]}) end pipeline :oauth_write do - plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["write"]}) + plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["write"]}) end pipeline :oauth_follow do - plug(Pleroma.Plugs.OAuthScopesPlug, %{required_scopes: ["follow"]}) + plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]}) + end + + pipeline :oauth_push do + plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]}) end pipeline :well_known do @@ -113,6 +124,7 @@ defmodule Pleroma.Web.Router do scope "/api/pleroma", Pleroma.Web.TwitterAPI do pipe_through(:pleroma_api) + get("/password_reset/:token", UtilController, :show_password_reset) post("/password_reset", UtilController, :password_reset) get("/emoji", UtilController, :emoji) @@ -125,8 +137,11 @@ defmodule Pleroma.Web.Router do end scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do - pipe_through(:admin_api) + pipe_through([:admin_api, :oauth_write]) + + get("/users", AdminAPIController, :list_users) delete("/user", AdminAPIController, :user_delete) + patch("/users/:nickname/toggle_activation", AdminAPIController, :user_toggle_activation) post("/user", AdminAPIController, :user_create) put("/users/tag", AdminAPIController, :tag_users) delete("/users/tag", AdminAPIController, :untag_users) @@ -136,6 +151,8 @@ defmodule Pleroma.Web.Router do post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add) delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete) + put("/activation_status/:nickname", AdminAPIController, :set_activation_status) + post("/relay", AdminAPIController, :relay_follow) delete("/relay", AdminAPIController, :relay_unfollow) @@ -147,9 +164,14 @@ defmodule Pleroma.Web.Router do scope "/", Pleroma.Web.TwitterAPI do pipe_through(:pleroma_html) - get("/ostatus_subscribe", UtilController, :remote_follow) - post("/ostatus_subscribe", UtilController, :do_remote_follow) + post("/main/ostatus", UtilController, :remote_subscribe) + get("/ostatus_subscribe", UtilController, :remote_follow) + + scope [] do + pipe_through(:oauth_follow) + post("/ostatus_subscribe", UtilController, :do_remote_follow) + end end scope "/api/pleroma", Pleroma.Web.TwitterAPI do @@ -180,11 +202,11 @@ defmodule Pleroma.Web.Router do scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:authenticated_api) - get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials) - scope [] do pipe_through(:oauth_read) + get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials) + get("/accounts/relationships", MastodonAPIController, :relationships) get("/accounts/search", MastodonAPIController, :account_search) @@ -192,7 +214,7 @@ defmodule Pleroma.Web.Router do get("/follow_requests", MastodonAPIController, :follow_requests) get("/blocks", MastodonAPIController, :blocks) - get("/mutes", MastodonAPIController, :empty_array) + get("/mutes", MastodonAPIController, :mutes) get("/timelines/home", MastodonAPIController, :home_timeline) get("/timelines/direct", MastodonAPIController, :dm_timeline) @@ -216,6 +238,8 @@ defmodule Pleroma.Web.Router do get("/suggestions", MastodonAPIController, :suggestions) get("/endorsements", MastodonAPIController, :empty_array) + + get("/pleroma/flavour", MastodonAPIController, :get_flavour) end scope [] do @@ -234,6 +258,8 @@ defmodule Pleroma.Web.Router do post("/statuses/:id/unpin", MastodonAPIController, :unpin_status) post("/statuses/:id/bookmark", MastodonAPIController, :bookmark_status) post("/statuses/:id/unbookmark", MastodonAPIController, :unbookmark_status) + post("/statuses/:id/mute", MastodonAPIController, :mute_conversation) + post("/statuses/:id/unmute", MastodonAPIController, :unmute_conversation) post("/media", MastodonAPIController, :upload) put("/media/:id", MastodonAPIController, :update_media) @@ -249,6 +275,10 @@ defmodule Pleroma.Web.Router do get("/filters/:id", MastodonAPIController, :get_filter) put("/filters/:id", MastodonAPIController, :update_filter) delete("/filters/:id", MastodonAPIController, :delete_filter) + + post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour) + + post("/reports", MastodonAPIController, :reports) end scope [] do @@ -260,14 +290,18 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/unfollow", MastodonAPIController, :unfollow) post("/accounts/:id/block", MastodonAPIController, :block) post("/accounts/:id/unblock", MastodonAPIController, :unblock) - post("/accounts/:id/mute", MastodonAPIController, :relationship_noop) - post("/accounts/:id/unmute", MastodonAPIController, :relationship_noop) + post("/accounts/:id/mute", MastodonAPIController, :mute) + post("/accounts/:id/unmute", MastodonAPIController, :unmute) post("/follow_requests/:id/authorize", MastodonAPIController, :authorize_follow_request) post("/follow_requests/:id/reject", MastodonAPIController, :reject_follow_request) post("/domain_blocks", MastodonAPIController, :block_domain) delete("/domain_blocks", MastodonAPIController, :unblock_domain) + end + + scope [] do + pipe_through(:oauth_push) post("/push/subscription", MastodonAPIController, :create_push_subscription) get("/push/subscription", MastodonAPIController, :get_push_subscription) @@ -284,33 +318,40 @@ defmodule Pleroma.Web.Router do scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:api) + get("/instance", MastodonAPIController, :masto_instance) get("/instance/peers", MastodonAPIController, :peers) post("/apps", MastodonAPIController, :create_app) get("/custom_emojis", MastodonAPIController, :custom_emojis) - get("/timelines/public", MastodonAPIController, :public_timeline) - get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline) - get("/timelines/list/:list_id", MastodonAPIController, :list_timeline) - - get("/statuses/:id", MastodonAPIController, :get_status) - get("/statuses/:id/context", MastodonAPIController, :get_context) get("/statuses/:id/card", MastodonAPIController, :status_card) + get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by) get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by) - get("/accounts/:id/statuses", MastodonAPIController, :user_statuses) - get("/accounts/:id/followers", MastodonAPIController, :followers) - get("/accounts/:id/following", MastodonAPIController, :following) - get("/accounts/:id", MastodonAPIController, :user) - get("/trends", MastodonAPIController, :empty_array) - get("/search", MastodonAPIController, :search) + scope [] do + pipe_through(:oauth_read_or_unauthenticated) + + get("/timelines/public", MastodonAPIController, :public_timeline) + get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline) + get("/timelines/list/:list_id", MastodonAPIController, :list_timeline) + + get("/statuses/:id", MastodonAPIController, :get_status) + get("/statuses/:id/context", MastodonAPIController, :get_context) + + get("/accounts/:id/statuses", MastodonAPIController, :user_statuses) + get("/accounts/:id/followers", MastodonAPIController, :followers) + get("/accounts/:id/following", MastodonAPIController, :following) + get("/accounts/:id", MastodonAPIController, :user) + + get("/search", MastodonAPIController, :search) + end end scope "/api/v2", Pleroma.Web.MastodonAPI do - pipe_through(:api) + pipe_through([:api, :oauth_read_or_unauthenticated]) get("/search", MastodonAPIController, :search2) end @@ -327,19 +368,11 @@ defmodule Pleroma.Web.Router do scope "/api", Pleroma.Web do pipe_through(:api) - get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) - get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) - get("/users/show", TwitterAPI.Controller, :show_user) - - get("/statuses/followers", TwitterAPI.Controller, :followers) - get("/statuses/friends", TwitterAPI.Controller, :friends) - get("/statuses/blocks", TwitterAPI.Controller, :blocks) - get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status) - get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) - post("/account/register", TwitterAPI.Controller, :register) post("/account/password_reset", TwitterAPI.Controller, :password_reset) + post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email) + get( "/account/confirm_email/:user_id/:token", TwitterAPI.Controller, @@ -347,14 +380,26 @@ defmodule Pleroma.Web.Router do as: :confirm_email ) - post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email) + scope [] do + pipe_through(:oauth_read_or_unauthenticated) + + get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) + get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) + get("/users/show", TwitterAPI.Controller, :show_user) + + get("/statuses/followers", TwitterAPI.Controller, :followers) + get("/statuses/friends", TwitterAPI.Controller, :friends) + get("/statuses/blocks", TwitterAPI.Controller, :blocks) + get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status) + get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation) - get("/search", TwitterAPI.Controller, :search) - get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) + get("/search", TwitterAPI.Controller, :search) + get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) + end end scope "/api", Pleroma.Web do - pipe_through(:api) + pipe_through([:api, :oauth_read_or_unauthenticated]) get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline) @@ -368,19 +413,22 @@ defmodule Pleroma.Web.Router do end scope "/api", Pleroma.Web, as: :twitter_api_search do - pipe_through(:api) + pipe_through([:api, :oauth_read_or_unauthenticated]) get("/pleroma/search_user", TwitterAPI.Controller, :search_user) end scope "/api", Pleroma.Web, as: :authenticated_twitter_api do pipe_through(:authenticated_api) - get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) - post("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) + get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens) + delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token) scope [] do pipe_through(:oauth_read) + get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) + post("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) + get("/statuses/home_timeline", TwitterAPI.Controller, :friends_timeline) get("/statuses/friends_timeline", TwitterAPI.Controller, :friends_timeline) get("/statuses/mentions", TwitterAPI.Controller, :mentions_timeline) @@ -442,11 +490,11 @@ defmodule Pleroma.Web.Router do end pipeline :ap_relay do - plug(:accepts, ["activity+json"]) + plug(:accepts, ["activity+json", "json"]) end pipeline :ostatus do - plug(:accepts, ["html", "xml", "atom", "activity+json"]) + plug(:accepts, ["html", "xml", "atom", "activity+json", "json"]) end pipeline :oembed do @@ -459,6 +507,7 @@ defmodule Pleroma.Web.Router do get("/objects/:uuid", OStatus.OStatusController, :object) get("/activities/:uuid", OStatus.OStatusController, :activity) get("/notice/:id", OStatus.OStatusController, :notice) + get("/notice/:id/embed_player", OStatus.OStatusController, :notice_player) get("/users/:nickname/feed", OStatus.OStatusController, :feed) get("/users/:nickname", OStatus.OStatusController, :feed_redirect) @@ -475,7 +524,7 @@ defmodule Pleroma.Web.Router do end pipeline :activitypub do - plug(:accepts, ["activity+json"]) + plug(:accepts, ["activity+json", "json"]) plug(Pleroma.Web.Plugs.HTTPSignaturePlug) end @@ -490,7 +539,7 @@ defmodule Pleroma.Web.Router do end pipeline :activitypub_client do - plug(:accepts, ["activity+json"]) + plug(:accepts, ["activity+json", "json"]) plug(:fetch_session) plug(Pleroma.Plugs.OAuthPlug) plug(Pleroma.Plugs.BasicAuthDecoderPlug) @@ -506,9 +555,16 @@ defmodule Pleroma.Web.Router do scope "/", Pleroma.Web.ActivityPub do pipe_through([:activitypub_client]) - get("/api/ap/whoami", ActivityPubController, :whoami) - get("/users/:nickname/inbox", ActivityPubController, :read_inbox) - post("/users/:nickname/outbox", ActivityPubController, :update_outbox) + scope [] do + pipe_through(:oauth_read) + get("/api/ap/whoami", ActivityPubController, :whoami) + get("/users/:nickname/inbox", ActivityPubController, :read_inbox) + end + + scope [] do + pipe_through(:oauth_write) + post("/users/:nickname/outbox", ActivityPubController, :update_outbox) + end end scope "/relay", Pleroma.Web.ActivityPub do @@ -518,8 +574,8 @@ defmodule Pleroma.Web.Router do scope "/", Pleroma.Web.ActivityPub do pipe_through(:activitypub) - post("/users/:nickname/inbox", ActivityPubController, :inbox) post("/inbox", ActivityPubController, :inbox) + post("/users/:nickname/inbox", ActivityPubController, :inbox) end scope "/.well-known", Pleroma.Web do @@ -538,8 +594,12 @@ defmodule Pleroma.Web.Router do pipe_through(:mastodon_html) get("/web/login", MastodonAPIController, :login) - get("/web/*path", MastodonAPIController, :index) delete("/auth/sign_out", MastodonAPIController, :logout) + + scope [] do + pipe_through(:oauth_read_or_unauthenticated) + get("/web/*path", MastodonAPIController, :index) + end end pipeline :remote_media do @@ -547,6 +607,7 @@ defmodule Pleroma.Web.Router do scope "/proxy/", Pleroma.Web.MediaProxy do pipe_through(:remote_media) + get("/:sig/:url", MediaProxyController, :remote) get("/:sig/:url/:filename", MediaProxyController, :remote) end