1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AccountController do
6 use Pleroma.Web, :controller
8 import Pleroma.Web.ControllerHelper,
12 assign_account_by_id: 2,
14 skip_relationships?: 1
17 alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
18 alias Pleroma.Plugs.OAuthScopesPlug
19 alias Pleroma.Plugs.RateLimiter
21 alias Pleroma.Web.ActivityPub.ActivityPub
22 alias Pleroma.Web.CommonAPI
23 alias Pleroma.Web.MastodonAPI.ListView
24 alias Pleroma.Web.MastodonAPI.MastodonAPI
25 alias Pleroma.Web.MastodonAPI.MastodonAPIController
26 alias Pleroma.Web.MastodonAPI.StatusView
27 alias Pleroma.Web.OAuth.Token
28 alias Pleroma.Web.TwitterAPI.TwitterAPI
30 plug(OpenApiSpex.Plug.CastAndValidate, render_error: Pleroma.Web.ApiSpec.RenderError)
32 plug(:skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :create)
34 plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:show, :statuses])
38 %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
39 when action in [:show, :followers, :following]
44 %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
45 when action == :statuses
50 %{scopes: ["read:accounts"]}
51 when action in [:verify_credentials, :endorsements, :identity_proofs]
54 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :update_credentials)
56 plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
60 %{scopes: ["follow", "read:blocks"]} when action == :blocks
65 %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
68 plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
72 %{scopes: ["follow", "write:follows"]} when action in [:follow_by_uri, :follow, :unfollow]
75 plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
77 plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
79 @relationship_actions [:follow, :unfollow]
80 @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
84 [name: :relation_id_action, params: ["id", "uri"]] when action in @relationship_actions
87 plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
88 plug(RateLimiter, [name: :app_account_creation] when action == :create)
89 plug(:assign_account_by_id when action in @needs_account)
91 action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
93 defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation
95 @doc "POST /api/v1/accounts"
96 def create(%{assigns: %{app: app}, body_params: params} = conn, _params) do
97 with :ok <- validate_email_param(params),
98 :ok <- TwitterAPI.validate_captcha(app, params),
99 {:ok, user} <- TwitterAPI.register_user(params, need_confirmation: true),
100 {:ok, token} <- Token.create_token(app, user, %{scopes: app.scopes}) do
102 token_type: "Bearer",
103 access_token: token.token,
105 created_at: Token.Utils.format_created_at(token)
108 {:error, error} -> json_response(conn, :bad_request, %{error: error})
112 def create(%{assigns: %{app: _app}} = conn, _) do
113 render_error(conn, :bad_request, "Missing parameters")
116 def create(conn, _) do
117 render_error(conn, :forbidden, "Invalid credentials")
120 defp validate_email_param(%{email: email}) when not is_nil(email), do: :ok
122 defp validate_email_param(_) do
123 case Pleroma.Config.get([:instance, :account_activation_required]) do
124 true -> {:error, dgettext("errors", "Missing parameter: %{name}", name: "email")}
129 @doc "GET /api/v1/accounts/verify_credentials"
130 def verify_credentials(%{assigns: %{user: user}} = conn, _) do
131 chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
133 render(conn, "show.json",
136 with_pleroma_settings: true,
137 with_chat_token: chat_token
141 @doc "PATCH /api/v1/accounts/update_credentials"
142 def update_credentials(%{assigns: %{user: original_user}, body_params: params} = conn, _params) do
147 |> Enum.filter(fn {_, value} -> not is_nil(value) end)
154 :hide_followers_count,
160 :skip_thread_containment,
161 :allow_following_move,
164 |> Enum.reduce(%{}, fn key, acc ->
165 add_if_present(acc, params, key, key, &{:ok, truthy_param?(&1)})
167 |> add_if_present(params, :display_name, :name)
168 |> add_if_present(params, :note, :bio)
169 |> add_if_present(params, :avatar, :avatar)
170 |> add_if_present(params, :header, :banner)
171 |> add_if_present(params, :pleroma_background_image, :background)
176 &{:ok, normalize_fields_attributes(&1)}
178 |> add_if_present(params, :pleroma_settings_store, :pleroma_settings_store)
179 |> add_if_present(params, :default_scope, :default_scope)
180 |> add_if_present(params, :actor_type, :actor_type)
182 changeset = User.update_changeset(user, user_params)
184 with {:ok, user} <- User.update_and_set_cache(changeset) do
185 render(conn, "show.json", user: user, for: user, with_pleroma_settings: true)
187 _e -> render_error(conn, :forbidden, "Invalid request")
191 defp add_if_present(map, params, params_field, map_field, value_function \\ &{:ok, &1}) do
192 with true <- Map.has_key?(params, params_field),
193 {:ok, new_value} <- value_function.(Map.get(params, params_field)) do
194 Map.put(map, map_field, new_value)
200 defp normalize_fields_attributes(fields) do
201 if Enum.all?(fields, &is_tuple/1) do
202 Enum.map(fields, fn {_, v} -> v end)
205 %{} = field -> %{"name" => field.name, "value" => field.value}
211 @doc "GET /api/v1/accounts/relationships"
212 def relationships(%{assigns: %{user: user}} = conn, %{id: id}) do
213 targets = User.get_all_by_ids(List.wrap(id))
215 render(conn, "relationships.json", user: user, targets: targets)
218 # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
219 def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
221 @doc "GET /api/v1/accounts/:id"
222 def show(%{assigns: %{user: for_user}} = conn, %{id: nickname_or_id}) do
223 with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
224 true <- User.visible_for?(user, for_user) do
225 render(conn, "show.json", user: user, for: for_user)
227 _e -> render_error(conn, :not_found, "Can't find user")
231 @doc "GET /api/v1/accounts/:id/statuses"
232 def statuses(%{assigns: %{user: reading_user}} = conn, params) do
233 with %User{} = user <- User.get_cached_by_nickname_or_id(params.id, for: reading_user),
234 true <- User.visible_for?(user, reading_user) do
237 |> Map.delete(:tagged)
238 |> Enum.filter(&(not is_nil(&1)))
239 |> Map.new(fn {key, value} -> {to_string(key), value} end)
240 |> Map.put("tag", params[:tagged])
242 activities = ActivityPub.fetch_user_activities(user, reading_user, params)
245 |> add_link_headers(activities)
246 |> put_view(StatusView)
247 |> render("index.json",
248 activities: activities,
251 skip_relationships: skip_relationships?(params)
254 _e -> render_error(conn, :not_found, "Can't find user")
258 @doc "GET /api/v1/accounts/:id/followers"
259 def followers(%{assigns: %{user: for_user, account: user}} = conn, params) do
262 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
267 for_user && user.id == for_user.id -> MastodonAPI.get_followers(user, params)
268 user.hide_followers -> []
269 true -> MastodonAPI.get_followers(user, params)
273 |> add_link_headers(followers)
274 |> render("index.json", for: for_user, users: followers, as: :user)
277 @doc "GET /api/v1/accounts/:id/following"
278 def following(%{assigns: %{user: for_user, account: user}} = conn, params) do
281 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
286 for_user && user.id == for_user.id -> MastodonAPI.get_friends(user, params)
287 user.hide_follows -> []
288 true -> MastodonAPI.get_friends(user, params)
292 |> add_link_headers(followers)
293 |> render("index.json", for: for_user, users: followers, as: :user)
296 @doc "GET /api/v1/accounts/:id/lists"
297 def lists(%{assigns: %{user: user, account: account}} = conn, _params) do
298 lists = Pleroma.List.get_lists_account_belongs(user, account)
301 |> put_view(ListView)
302 |> render("index.json", lists: lists)
305 @doc "POST /api/v1/accounts/:id/follow"
306 def follow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
307 {:error, "Can not follow yourself"}
310 def follow(%{assigns: %{user: follower, account: followed}} = conn, params) do
311 with {:ok, follower} <- MastodonAPI.follow(follower, followed, params) do
312 render(conn, "relationship.json", user: follower, target: followed)
314 {:error, message} -> json_response(conn, :forbidden, %{error: message})
318 @doc "POST /api/v1/accounts/:id/unfollow"
319 def unfollow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
320 {:error, "Can not unfollow yourself"}
323 def unfollow(%{assigns: %{user: follower, account: followed}} = conn, _params) do
324 with {:ok, follower} <- CommonAPI.unfollow(follower, followed) do
325 render(conn, "relationship.json", user: follower, target: followed)
329 @doc "POST /api/v1/accounts/:id/mute"
330 def mute(%{assigns: %{user: muter, account: muted}, body_params: params} = conn, _params) do
331 with {:ok, _user_relationships} <- User.mute(muter, muted, params.notifications) do
332 render(conn, "relationship.json", user: muter, target: muted)
334 {:error, message} -> json_response(conn, :forbidden, %{error: message})
338 @doc "POST /api/v1/accounts/:id/unmute"
339 def unmute(%{assigns: %{user: muter, account: muted}} = conn, _params) do
340 with {:ok, _user_relationships} <- User.unmute(muter, muted) do
341 render(conn, "relationship.json", user: muter, target: muted)
343 {:error, message} -> json_response(conn, :forbidden, %{error: message})
347 @doc "POST /api/v1/accounts/:id/block"
348 def block(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
349 with {:ok, _user_block} <- User.block(blocker, blocked),
350 {:ok, _activity} <- ActivityPub.block(blocker, blocked) do
351 render(conn, "relationship.json", user: blocker, target: blocked)
353 {:error, message} -> json_response(conn, :forbidden, %{error: message})
357 @doc "POST /api/v1/accounts/:id/unblock"
358 def unblock(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
359 with {:ok, _user_block} <- User.unblock(blocker, blocked),
360 {:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do
361 render(conn, "relationship.json", user: blocker, target: blocked)
363 {:error, message} -> json_response(conn, :forbidden, %{error: message})
367 @doc "POST /api/v1/follows"
368 def follow_by_uri(%{body_params: %{uri: uri}} = conn, _) do
369 case User.get_cached_by_nickname(uri) do
372 |> assign(:account, user)
380 @doc "GET /api/v1/mutes"
381 def mutes(%{assigns: %{user: user}} = conn, _) do
382 users = User.muted_users(user, _restrict_deactivated = true)
383 render(conn, "index.json", users: users, for: user, as: :user)
386 @doc "GET /api/v1/blocks"
387 def blocks(%{assigns: %{user: user}} = conn, _) do
388 users = User.blocked_users(user, _restrict_deactivated = true)
389 render(conn, "index.json", users: users, for: user, as: :user)
392 @doc "GET /api/v1/endorsements"
393 def endorsements(conn, params), do: MastodonAPIController.empty_array(conn, params)
395 @doc "GET /api/v1/identity_proofs"
396 def identity_proofs(conn, params), do: MastodonAPIController.empty_array(conn, params)