X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Frouter.ex;h=d71011033cbf8b6e0f6616fc12d4d2c571f1cc47;hb=cea31df6a6e0e38ec6a260de0b6ae00d4d40c538;hp=2105d7e9ed2bbf842a97032d4a81e693c0ae2921;hpb=7b67bf4e970dcc641bcfdc137f306504c064d52d;p=akkoma diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 2105d7e9e..d71011033 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -37,11 +37,13 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug) end - pipeline :expect_authentication do + # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify) + pipeline :expect_user_authentication do plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug) end - pipeline :expect_public_instance_or_authentication do + # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify) + pipeline :expect_public_instance_or_user_authentication do plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug) end @@ -66,23 +68,30 @@ defmodule Pleroma.Web.Router do plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec) end - pipeline :api do - plug(:expect_public_instance_or_authentication) + pipeline :no_auth_or_privacy_expectations_api do plug(:base_api) plug(:after_auth) plug(Pleroma.Web.Plugs.IdempotencyPlug) end + # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported) + pipeline :app_api do + plug(:no_auth_or_privacy_expectations_api) + end + + pipeline :api do + plug(:expect_public_instance_or_user_authentication) + plug(:no_auth_or_privacy_expectations_api) + end + pipeline :authenticated_api do - plug(:expect_authentication) - plug(:base_api) - plug(:after_auth) + plug(:expect_user_authentication) + plug(:no_auth_or_privacy_expectations_api) plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug) - plug(Pleroma.Web.Plugs.IdempotencyPlug) end pipeline :admin_api do - plug(:expect_authentication) + plug(:expect_user_authentication) plug(:base_api) plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug) plug(:after_auth) @@ -411,6 +420,13 @@ defmodule Pleroma.Web.Router do get("/federation_status", InstancesController, :show) end + scope "/api/v2/pleroma", Pleroma.Web.PleromaAPI do + scope [] do + pipe_through(:authenticated_api) + get("/chats", ChatController, :index2) + end + end + scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:authenticated_api) @@ -432,10 +448,9 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/mute", AccountController, :mute) post("/accounts/:id/unmute", AccountController, :unmute) - get("/apps/verify_credentials", AppController, :verify_credentials) - get("/conversations", ConversationController, :index) post("/conversations/:id/read", ConversationController, :mark_as_read) + delete("/conversations/:id", ConversationController, :delete) get("/domain_blocks", DomainBlockController, :index) post("/domain_blocks", DomainBlockController, :create) @@ -524,6 +539,13 @@ defmodule Pleroma.Web.Router do put("/settings", MastoFEController, :put_settings) end + scope "/api/v1", Pleroma.Web.MastodonAPI do + pipe_through(:app_api) + + post("/apps", AppController, :create) + get("/apps/verify_credentials", AppController, :verify_credentials) + end + scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:api) @@ -540,8 +562,6 @@ defmodule Pleroma.Web.Router do get("/instance", InstanceController, :show) get("/instance/peers", InstanceController, :peers) - post("/apps", AppController, :create) - get("/statuses", StatusController, :index) get("/statuses/:id", StatusController, :show) get("/statuses/:id/context", StatusController, :context)