1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.ApiSpec.AccountOperation do
6 alias OpenApiSpex.Operation
7 alias OpenApiSpex.Reference
8 alias OpenApiSpex.Schema
9 alias Pleroma.Web.ApiSpec.Schemas.Account
10 alias Pleroma.Web.ApiSpec.Schemas.AccountRelationship
11 alias Pleroma.Web.ApiSpec.Schemas.ActorType
12 alias Pleroma.Web.ApiSpec.Schemas.ApiError
13 alias Pleroma.Web.ApiSpec.Schemas.BooleanLike
14 alias Pleroma.Web.ApiSpec.Schemas.List
15 alias Pleroma.Web.ApiSpec.Schemas.Status
16 alias Pleroma.Web.ApiSpec.Schemas.VisibilityScope
18 import Pleroma.Web.ApiSpec.Helpers
# Resolves the spec builder for a controller action by naming convention
# (`<action>_operation`) and invokes it with no arguments.
20 @spec open_api_operation(atom) :: Operation.t()
21 def open_api_operation(action) do
# String.to_existing_atom/1 raises ArgumentError instead of creating a new atom,
# so an unexpected `action` value cannot grow the (never garbage-collected) atom table.
22 operation = String.to_existing_atom("#{action}_operation")
# apply/3 on __MODULE__ can only reach functions this module exports; the private
# `defp` schema helpers below are not callable through this path.
# NOTE(review): assumes `action` is an action name chosen by the router rather than
# request data — confirm at the call site.
23 apply(__MODULE__, operation, [])
# Spec for AccountController.create (account registration).
# Per the description below, a successful call returns an access token to the
# requesting app, so this endpoint hands out credentials.
# NOTE(review): no `security:` entry is visible among the lines shown here, unlike
# the other "Account credentials" operations in this module — confirm how the
# calling app is authenticated.
26 @spec create_operation() :: Operation.t()
27 def create_operation do
29 tags: ["Account credentials"],
30 summary: "Register an account",
32 "Creates a user and account records. Returns an account access token for the app that initiated the request. The app should save this token for later, and should wait for the user to confirm their account by clicking a link in their email inbox.",
33 operationId: "AccountController.create",
34 requestBody: request_body("Parameters", create_request(), required: true),
36 200 => Operation.response("Account", "application/json", create_response()),
37 400 => Operation.response("Error", "application/json", ApiError),
38 403 => Operation.response("Error", "application/json", ApiError),
# 429 is documented, so clients should expect throttling on registration; the
# limiter itself is not defined in this file.
39 429 => Operation.response("Error", "application/json", ApiError)
44 def verify_credentials_operation do
46 tags: ["Account credentials"],
47 description: "Test to make sure that the user token works.",
48 summary: "Verify account credentials",
49 operationId: "AccountController.verify_credentials",
50 security: [%{"oAuth" => ["read:accounts"]}],
52 200 => Operation.response("Account", "application/json", Account)
57 def update_credentials_operation do
59 tags: ["Account credentials"],
60 summary: "Update account credentials",
61 description: "Update the user's display and preferences.",
62 operationId: "AccountController.update_credentials",
63 security: [%{"oAuth" => ["write:accounts"]}],
64 requestBody: request_body("Parameters", update_credentials_request(), required: true),
66 200 => Operation.response("Account", "application/json", Account),
67 403 => Operation.response("Error", "application/json", ApiError)
72 def relationships_operation do
74 tags: ["Retrieve account information"],
75 summary: "Relationship with current account",
76 operationId: "AccountController.relationships",
77 description: "Find out whether a given account is followed, blocked, muted, etc.",
78 security: [%{"oAuth" => ["read:follows"]}],
84 oneOf: [%Schema{type: :array, items: %Schema{type: :string}}, %Schema{type: :string}]
91 200 => Operation.response("Account", "application/json", array_of_relationships())
98 tags: ["Retrieve account information"],
100 operationId: "AccountController.show",
101 description: "View information about a profile.",
103 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
104 with_relationships_param()
107 200 => Operation.response("Account", "application/json", Account),
108 401 => Operation.response("Error", "application/json", ApiError),
109 404 => Operation.response("Error", "application/json", ApiError)
# Spec for AccountController.statuses: lists statuses of the account named by the
# `accountIdOrNickname` path parameter, with filter and pagination query parameters.
# NOTE(review): no `security:` requirement is visible among the lines shown here,
# while the description says private statuses need a user token with `read:statuses`.
# Presumably the endpoint is intentionally reachable without a token and the
# visibility check is enforced in the controller — confirm where that check lives.
114 def statuses_operation do
117 tags: ["Retrieve account information"],
118 operationId: "AccountController.statuses",
120 "Statuses posted to the given account. Public (for public statuses only), or user token + `read:statuses` (for private statuses the user is authorized to see)",
123 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
124 Operation.parameter(:pinned, :query, BooleanLike, "Include only pinned statuses"),
125 Operation.parameter(:tagged, :query, :string, "With tag"),
130 "Include only statuses with media attached"
136 "Include statuses from muted accounts."
138 Operation.parameter(:exclude_reblogs, :query, BooleanLike, "Exclude reblogs"),
139 Operation.parameter(:exclude_replies, :query, BooleanLike, "Exclude replies"),
141 :exclude_visibilities,
143 %Schema{type: :array, items: VisibilityScope},
144 "Exclude visibilities"
150 "Include reactions from muted accounts."
152 ] ++ pagination_params(),
154 200 => Operation.response("Statuses", "application/json", array_of_statuses()),
# 401 and 404 are both documented; which one a caller without access to a
# private account receives is decided outside this file.
155 401 => Operation.response("Error", "application/json", ApiError),
156 404 => Operation.response("Error", "application/json", ApiError)
161 def followers_operation do
163 tags: ["Retrieve account information"],
164 summary: "Followers",
165 operationId: "AccountController.followers",
166 security: [%{"oAuth" => ["read:accounts"]}],
168 "Accounts which follow the given account, if network is not hidden by the account owner.",
170 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
171 Operation.parameter(:id, :query, :string, "ID of the resource owner"),
172 with_relationships_param() | pagination_params()
175 200 => Operation.response("Accounts", "application/json", array_of_accounts())
180 def following_operation do
182 tags: ["Retrieve account information"],
183 summary: "Following",
184 operationId: "AccountController.following",
185 security: [%{"oAuth" => ["read:accounts"]}],
187 "Accounts which the given account is following, if network is not hidden by the account owner.",
189 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
190 Operation.parameter(:id, :query, :string, "ID of the resource owner"),
191 with_relationships_param() | pagination_params()
193 responses: %{200 => Operation.response("Accounts", "application/json", array_of_accounts())}
197 def lists_operation do
199 tags: ["Retrieve account information"],
200 summary: "Lists containing this account",
201 operationId: "AccountController.lists",
202 security: [%{"oAuth" => ["read:lists"]}],
203 description: "User lists that you have added this account to.",
204 parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
205 responses: %{200 => Operation.response("Lists", "application/json", array_of_lists())}
209 def follow_operation do
211 tags: ["Account actions"],
213 operationId: "AccountController.follow",
214 security: [%{"oAuth" => ["follow", "write:follows"]}],
215 description: "Follow the given account",
217 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"}
227 description: "Receive this account's reblogs in home timeline? Defaults to true.",
235 200 => Operation.response("Relationship", "application/json", AccountRelationship),
236 400 => Operation.response("Error", "application/json", ApiError),
237 404 => Operation.response("Error", "application/json", ApiError)
242 def unfollow_operation do
244 tags: ["Account actions"],
246 operationId: "AccountController.unfollow",
247 security: [%{"oAuth" => ["follow", "write:follows"]}],
248 description: "Unfollow the given account",
249 parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
251 200 => Operation.response("Relationship", "application/json", AccountRelationship),
252 400 => Operation.response("Error", "application/json", ApiError),
253 404 => Operation.response("Error", "application/json", ApiError)
258 def mute_operation do
260 tags: ["Account actions"],
262 operationId: "AccountController.mute",
263 security: [%{"oAuth" => ["follow", "write:mutes"]}],
264 requestBody: request_body("Parameters", mute_request()),
266 "Mute the given account. Clients should filter statuses and notifications from this account, if received (e.g. due to a boost in the Home timeline).",
268 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
272 %Schema{allOf: [BooleanLike], default: true},
273 "Mute notifications in addition to statuses? Defaults to `true`."
278 %Schema{type: :integer, default: 0},
279 "Expire the mute in `expires_in` seconds. Default 0 for infinity"
283 200 => Operation.response("Relationship", "application/json", AccountRelationship)
288 def unmute_operation do
290 tags: ["Account actions"],
292 operationId: "AccountController.unmute",
293 security: [%{"oAuth" => ["follow", "write:mutes"]}],
294 description: "Unmute the given account.",
295 parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
297 200 => Operation.response("Relationship", "application/json", AccountRelationship)
302 def block_operation do
304 tags: ["Account actions"],
306 operationId: "AccountController.block",
307 security: [%{"oAuth" => ["follow", "write:blocks"]}],
309 "Block the given account. Clients should filter statuses from this account if received (e.g. due to a boost in the Home timeline)",
310 parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
312 200 => Operation.response("Relationship", "application/json", AccountRelationship)
317 def unblock_operation do
319 tags: ["Account actions"],
321 operationId: "AccountController.unblock",
322 security: [%{"oAuth" => ["follow", "write:blocks"]}],
323 description: "Unblock the given account.",
324 parameters: [%Reference{"$ref": "#/components/parameters/accountIdOrNickname"}],
326 200 => Operation.response("Relationship", "application/json", AccountRelationship)
331 def note_operation do
333 tags: ["Account actions"],
334 summary: "Create note",
335 operationId: "AccountController.note",
336 security: [%{"oAuth" => ["follow", "write:accounts"]}],
337 requestBody: request_body("Parameters", note_request()),
338 description: "Create a note for the given account.",
340 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"},
344 %Schema{type: :string},
349 200 => Operation.response("Relationship", "application/json", AccountRelationship)
354 def follow_by_uri_operation do
356 tags: ["Account actions"],
357 summary: "Follow by URI",
358 operationId: "AccountController.follows",
359 security: [%{"oAuth" => ["follow", "write:follows"]}],
360 requestBody: request_body("Parameters", follow_by_uri_request(), required: true),
362 200 => Operation.response("Account", "application/json", AccountRelationship),
363 400 => Operation.response("Error", "application/json", ApiError),
364 404 => Operation.response("Error", "application/json", ApiError)
369 def mutes_operation do
371 tags: ["Blocks and mutes"],
372 summary: "Retrieve list of mutes",
373 operationId: "AccountController.mutes",
374 description: "Accounts the user has muted.",
375 security: [%{"oAuth" => ["follow", "read:mutes"]}],
376 parameters: [with_relationships_param() | pagination_params()],
378 200 => Operation.response("Accounts", "application/json", array_of_accounts())
# Spec for AccountController.blocks: paginated list of accounts the user has blocked.
383 def blocks_operation do
385 tags: ["Blocks and mutes"],
386 summary: "Retrieve list of blocks",
387 operationId: "AccountController.blocks",
388 description: "View your blocks. See also accounts/:id/{block,unblock}",
# NOTE(review): only `read:blocks` is listed here, whereas mutes_operation lists
# ["follow", "read:mutes"] and block_operation lists ["follow", "write:blocks"].
# Confirm whether omitting the `follow` scope is intentional, so the documented
# scopes match what the controller actually accepts.
389 security: [%{"oAuth" => ["read:blocks"]}],
390 parameters: pagination_params(),
392 200 => Operation.response("Accounts", "application/json", array_of_accounts())
397 def endorsements_operation do
399 tags: ["Retrieve account information"],
400 summary: "Endorsements",
401 operationId: "AccountController.endorsements",
402 description: "Not implemented",
403 security: [%{"oAuth" => ["read:accounts"]}],
405 200 => empty_array_response()
# Spec for AccountController.identity_proofs. The description marks the endpoint
# as not implemented and the only documented response is an empty array.
410 def identity_proofs_operation do
412 tags: ["Retrieve account information"],
413 summary: "Identity proofs",
414 operationId: "AccountController.identity_proofs",
415 # Validators complain about unused path parameters otherwise
417 %Reference{"$ref": "#/components/parameters/accountIdOrNickname"}
419 description: "Not implemented",
421 200 => empty_array_response()
426 defp create_request do
428 title: "AccountCreateRequest",
429 description: "POST body for creating an account",
431 required: [:username, :password, :agreement],
437 "Text that will be reviewed by moderators if registrations require manual approval"
439 username: %Schema{type: :string, description: "The desired username for the account"},
444 "The email address to be used for login. Required when `account_activation_required` is enabled.",
449 description: "The password to be used for login",
453 allOf: [BooleanLike],
455 "Whether the user agrees to the local rules, terms, and policies. These should be presented to the user in order to allow them to consent before setting this parameter to TRUE."
460 description: "The language of the confirmation email that will be sent"
462 # Pleroma-specific properties:
463 fullname: %Schema{type: :string, nullable: true, description: "Full name"},
464 bio: %Schema{type: :string, description: "Bio", nullable: true, default: ""},
465 captcha_solution: %Schema{
468 description: "Provider-specific captcha solution"
470 captcha_token: %Schema{
473 description: "Provider-specific captcha token"
475 captcha_answer_data: %Schema{
478 description: "Provider-specific captcha data"
483 description: "Invite token required when the registrations aren't public"
487 "username" => "cofe",
488 "email" => "cofe@example.com",
489 "password" => "secret",
490 "agreement" => "true",
496 # Note: this is a token response (if login succeeds!), but there's no oauth operation file yet.
# Schema for the body returned by account registration. One object describes two
# shapes: the token fields when auto-login succeeds, and `identifier`/`message`
# when registration succeeds without a token being issued.
497 defp create_response do
499 title: "AccountCreateResponse",
500 description: "Response schema for an account",
503 # The response when auto-login on create succeeds (token is issued):
504 token_type: %Schema{type: :string},
505 access_token: %Schema{type: :string},
506 refresh_token: %Schema{type: :string},
507 scope: %Schema{type: :string},
508 created_at: %Schema{type: :integer, format: :"date-time"},
509 me: %Schema{type: :string},
510 expires_in: %Schema{type: :integer},
512 # The response when registration succeeds but auto-login fails (no token):
513 identifier: %Schema{type: :string},
514 message: %Schema{type: :string}
516 # Note: example of successful registration with failed login response:
518 # "identifier" => "missing_confirmed_email",
519 # "message" => "You have been registered. Please check your email for further instructions."
# The example below ends up in the rendered API documentation.
# NOTE(review): the access/refresh token strings are presumably sample values that
# were never issued by a real instance — confirm, and keep future examples synthetic.
522 "token_type" => "Bearer",
523 "access_token" => "i9hAVVzGld86Pl5JtLtizKoXVvtTlSCJvwaugCxvZzk",
524 "refresh_token" => "i9hAVVzGld86Pl5JtLtizKoXVvtTlSCJvwaugCxvZzz",
525 "created_at" => 1_585_918_714,
527 "scope" => "read write follow push",
528 "me" => "https://gensokyo.2hu/users/raymoo"
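# Request-body schema for AccountController.update_credentials (profile and
# preference changes made by the account owner).
# The schema description previously read "POST body for creating an account", a
# copy of create_request's text; it now names the operation this body belongs to.
# NOTE(review): `pleroma_settings_store` is described as opaque and `also_known_as`
# as a list of alternate ActivityPub IDs. Nothing visible in this schema bounds the
# size of the former or checks ownership of the latter — presumably the controller
# or the user changeset does; confirm.
533 defp update_credentials_request do
535 title: "AccountUpdateCredentialsRequest",
536 description: "Request body for updating account credentials",
540 allOf: [BooleanLike],
542 description: "Whether the account has a bot flag."
544 display_name: %Schema{
547 description: "The display name to use for the profile."
549 note: %Schema{type: :string, description: "The account bio."},
553 description: "Avatar image encoded using multipart/form-data",
559 description: "Header image encoded using multipart/form-data",
563 allOf: [BooleanLike],
565 description: "Whether manual approval of follow requests is required."
567 accepts_chat_messages: %Schema{
568 allOf: [BooleanLike],
570 description: "Whether the user accepts receiving chat messages."
572 fields_attributes: %Schema{
575 %Schema{type: :array, items: attribute_field()},
576 %Schema{type: :object, additionalProperties: attribute_field()}
579 # NOTE: `source` field is not supported
584 # privacy: %Schema{type: :string},
585 # sensitive: %Schema{type: :boolean},
586 # language: %Schema{type: :string}
590 # Pleroma-specific fields
591 no_rich_text: %Schema{
592 allOf: [BooleanLike],
594 description: "html tags are stripped from all statuses requested from the API"
596 hide_followers: %Schema{
597 allOf: [BooleanLike],
599 description: "user's followers will be hidden"
601 hide_follows: %Schema{
602 allOf: [BooleanLike],
604 description: "user's follows will be hidden"
606 hide_followers_count: %Schema{
607 allOf: [BooleanLike],
609 description: "user's follower count will be hidden"
611 hide_follows_count: %Schema{
612 allOf: [BooleanLike],
614 description: "user's follow count will be hidden"
616 hide_favorites: %Schema{
617 allOf: [BooleanLike],
619 description: "user's favorites timeline will be hidden"
622 allOf: [BooleanLike],
624 description: "user's role (e.g admin, moderator) will be exposed to anyone in the
627 default_scope: VisibilityScope,
628 pleroma_settings_store: %Schema{
631 description: "Opaque user settings to be saved on the backend."
633 skip_thread_containment: %Schema{
634 allOf: [BooleanLike],
636 description: "Skip filtering out broken threads"
638 allow_following_move: %Schema{
639 allOf: [BooleanLike],
641 description: "Allows automatically follow moved following accounts"
643 also_known_as: %Schema{
645 items: %Schema{type: :string},
647 description: "List of alternate ActivityPub IDs"
649 pleroma_background_image: %Schema{
652 description: "Sets the background image of the user.",
655 discoverable: %Schema{
656 allOf: [BooleanLike],
659 "Discovery (listing, indexing) of this account by external services (search bots etc.) is allowed."
661 actor_type: ActorType
665 display_name: "cofe",
667 fields_attributes: [%{name: "foo", value: "bar"}],
669 hide_followers: true,
671 hide_followers_count: false,
672 hide_follows_count: false,
673 hide_favorites: false,
675 default_scope: "private",
676 pleroma_settings_store: %{"pleroma-fe" => %{"key" => "val"}},
677 skip_thread_containment: false,
678 allow_following_move: false,
679 also_known_as: ["https://foo.bar/users/foo"],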
686 def array_of_accounts do
688 title: "ArrayOfAccounts",
691 example: [Account.schema().example]
695 defp array_of_relationships do
697 title: "ArrayOfRelationships",
698 description: "Response schema for account relationships",
700 items: AccountRelationship,
705 "showing_reblogs" => true,
706 "followed_by" => true,
708 "blocked_by" => true,
710 "muting_notifications" => false,
712 "requested" => false,
713 "domain_blocking" => false,
714 "subscribing" => false,
720 "showing_reblogs" => true,
721 "followed_by" => true,
723 "blocked_by" => true,
725 "muting_notifications" => false,
728 "domain_blocking" => false,
729 "subscribing" => false,
735 "showing_reblogs" => true,
736 "followed_by" => true,
738 "blocked_by" => false,
740 "muting_notifications" => false,
742 "requested" => false,
743 "domain_blocking" => true,
744 "subscribing" => true,
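# Request-body schema for follow_by_uri_operation ("Follow by URI").
# The description previously read "POST body for muting an account", the same text
# as the AccountMuteRequest schema; it now describes this request.
751 defp follow_by_uri_request do
753 title: "AccountFollowsRequest",
754 description: "Request body for following an account by URI",
# `uri` is declared as a nullable string with the :uri format.
# NOTE(review): the format is the only constraint visible here; which hosts or
# schemes the server is willing to resolve is decided outside this file.
757 uri: %Schema{type: :string, nullable: true, format: :uri}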
765 title: "AccountMuteRequest",
766 description: "POST body for muting an account",
769 notifications: %Schema{
770 allOf: [BooleanLike],
772 description: "Mute notifications in addition to statuses? Defaults to true.",
778 description: "Expire the mute in `expires_in` seconds. Default 0 for infinity",
783 "notifications" => true,
784 "expires_in" => 86_400
791 title: "AccountNoteRequest",
792 description: "POST body for adding a note for an account",
797 description: "Account note body"
801 "comment" => "Example note"
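# Response schema for lists_operation: the lists that contain the given account.
# The second example title was misspelled ("anotehr list") and would have appeared
# that way in the generated API documentation.
806 defp array_of_lists do
808 title: "ArrayOfLists",
809 description: "Response schema for lists",
813 %{"id" => "123", "title" => "my list"},
814 %{"id" => "1337", "title" => "another list"}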
819 defp array_of_statuses do
821 title: "ArrayOfStatuses",
827 defp attribute_field do
829 title: "AccountAttributeField",
830 description: "Request schema for account custom fields",
833 name: %Schema{type: :string},
834 value: %Schema{type: :string}
836 required: [:name, :value],
839 "value" => "https://pleroma.com"