projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into 1526-account-aliases
[akkoma] / lib / pleroma / web / mastodon_api / controllers / account_controller.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AccountController do
6 use Pleroma.Web, :controller
7
8 import Pleroma.Web.ControllerHelper,
9 only: [
10 add_link_headers: 2,
11 truthy_param?: 1,
12 assign_account_by_id: 2,
13 embed_relationships?: 1,
14 json_response: 3
15 ]
16
17 alias Pleroma.Maps
18 alias Pleroma.User
19 alias Pleroma.Web.ActivityPub.ActivityPub
20 alias Pleroma.Web.ActivityPub.Builder
21 alias Pleroma.Web.ActivityPub.Pipeline
22 alias Pleroma.Web.CommonAPI
23 alias Pleroma.Web.MastodonAPI.ListView
24 alias Pleroma.Web.MastodonAPI.MastodonAPI
25 alias Pleroma.Web.MastodonAPI.MastodonAPIController
26 alias Pleroma.Web.MastodonAPI.StatusView
27 alias Pleroma.Web.OAuth.OAuthController
28 alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
29 alias Pleroma.Web.Plugs.OAuthScopesPlug
30 alias Pleroma.Web.Plugs.RateLimiter
31 alias Pleroma.Web.TwitterAPI.TwitterAPI
32
33 plug(Pleroma.Web.ApiSpec.CastAndValidate)
34
35 plug(:skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :create)
36
37 plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:show, :statuses])
38
39 plug(
40 OAuthScopesPlug,
41 %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
42 when action in [:show, :followers, :following]
43 )
44
45 plug(
46 OAuthScopesPlug,
47 %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
48 when action == :statuses
49 )
50
51 plug(
52 OAuthScopesPlug,
53 %{scopes: ["read:accounts"]}
54 when action in [:verify_credentials, :endorsements, :identity_proofs]
55 )
56
57 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :update_credentials)
58
59 plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
60
61 plug(
62 OAuthScopesPlug,
63 %{scopes: ["follow", "read:blocks"]} when action == :blocks
64 )
65
66 plug(
67 OAuthScopesPlug,
68 %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
69 )
70
71 plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
72
73 plug(
74 OAuthScopesPlug,
75 %{scopes: ["follow", "write:follows"]} when action in [:follow_by_uri, :follow, :unfollow]
76 )
77
78 plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
79
80 plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
81
82 @relationship_actions [:follow, :unfollow]
83 @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
84
85 plug(
86 RateLimiter,
87 [name: :relation_id_action, params: [:id, :uri]] when action in @relationship_actions
88 )
89
90 plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
91 plug(RateLimiter, [name: :app_account_creation] when action == :create)
92 plug(:assign_account_by_id when action in @needs_account)
93
94 action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
95
96 defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AccountOperation
97
98 @doc "POST /api/v1/accounts"
99 def create(%{assigns: %{app: app}, body_params: params} = conn, _params) do
100 with :ok <- validate_email_param(params),
101 :ok <- TwitterAPI.validate_captcha(app, params),
102 {:ok, user} <- TwitterAPI.register_user(params),
103 {_, {:ok, token}} <-
104 {:login, OAuthController.login(user, app, app.scopes)} do
105 OAuthController.after_token_exchange(conn, %{user: user, token: token})
106 else
107 {:login, {:account_status, :confirmation_pending}} ->
108 json_response(conn, :ok, %{
109 message: "You have been registered. Please check your email for further instructions.",
110 identifier: "missing_confirmed_email"
111 })
112
113 {:login, {:account_status, :approval_pending}} ->
114 json_response(conn, :ok, %{
115 message:
116 "You have been registered. You'll be able to log in once your account is approved.",
117 identifier: "awaiting_approval"
118 })
119
120 {:login, _} ->
121 json_response(conn, :ok, %{
122 message:
123 "You have been registered. Some post-registration steps may be pending. " <>
124 "Please log in manually.",
125 identifier: "manual_login_required"
126 })
127
128 {:error, error} ->
129 json_response(conn, :bad_request, %{error: error})
130 end
131 end
132
133 def create(%{assigns: %{app: _app}} = conn, _) do
134 render_error(conn, :bad_request, "Missing parameters")
135 end
136
137 def create(conn, _) do
138 render_error(conn, :forbidden, "Invalid credentials")
139 end
140
141 defp validate_email_param(%{email: email}) when not is_nil(email), do: :ok
142
143 defp validate_email_param(_) do
144 case Pleroma.Config.get([:instance, :account_activation_required]) do
145 true -> {:error, dgettext("errors", "Missing parameter: %{name}", name: "email")}
146 _ -> :ok
147 end
148 end
149
150 @doc "GET /api/v1/accounts/verify_credentials"
151 def verify_credentials(%{assigns: %{user: user}} = conn, _) do
152 chat_token = Phoenix.Token.sign(conn, "user socket", user.id)
153
154 render(conn, "show.json",
155 user: user,
156 for: user,
157 with_pleroma_settings: true,
158 with_chat_token: chat_token
159 )
160 end
161
162 @doc "PATCH /api/v1/accounts/update_credentials"
163 def update_credentials(%{assigns: %{user: user}, body_params: params} = conn, _params) do
164 params =
165 params
166 |> Enum.filter(fn {_, value} -> not is_nil(value) end)
167 |> Enum.into(%{})
168
169 # We use an empty string as a special value to reset
170 # avatars, banners, backgrounds
171 user_image_value = fn
172 "" -> {:ok, nil}
173 value -> {:ok, value}
174 end
175
176 user_params =
177 [
178 :no_rich_text,
179 :hide_followers_count,
180 :hide_follows_count,
181 :hide_followers,
182 :hide_follows,
183 :hide_favorites,
184 :show_role,
185 :skip_thread_containment,
186 :allow_following_move,
187 :also_known_as,
188 :accepts_chat_messages
189 ]
190 |> Enum.reduce(%{}, fn key, acc ->
191 Maps.put_if_present(acc, key, params[key], &{:ok, truthy_param?(&1)})
192 end)
193 |> Maps.put_if_present(:name, params[:display_name])
194 |> Maps.put_if_present(:bio, params[:note])
195 |> Maps.put_if_present(:raw_bio, params[:note])
196 |> Maps.put_if_present(:avatar, params[:avatar], user_image_value)
197 |> Maps.put_if_present(:banner, params[:header], user_image_value)
198 |> Maps.put_if_present(:background, params[:pleroma_background_image], user_image_value)
199 |> Maps.put_if_present(
200 :raw_fields,
201 params[:fields_attributes],
202 &{:ok, normalize_fields_attributes(&1)}
203 )
204 |> Maps.put_if_present(:pleroma_settings_store, params[:pleroma_settings_store])
205 |> Maps.put_if_present(:default_scope, params[:default_scope])
206 |> Maps.put_if_present(:default_scope, params["source"]["privacy"])
207 |> Maps.put_if_present(:actor_type, params[:bot], fn bot ->
208 if bot, do: {:ok, "Service"}, else: {:ok, "Person"}
209 end)
210 |> Maps.put_if_present(:actor_type, params[:actor_type])
211 |> Maps.put_if_present(:also_known_as, params[:also_known_as])
212 # Note: param name is indeed :locked (not an error)
213 |> Maps.put_if_present(:is_locked, params[:locked])
214 # Note: param name is indeed :discoverable (not an error)
215 |> Maps.put_if_present(:is_discoverable, params[:discoverable])
216
217 # What happens here:
218 #
219 # We want to update the user through the pipeline, but the ActivityPub
220 # update information is not quite enough for this, because this also
221 # contains local settings that don't federate and don't even appear
222 # in the Update activity.
223 #
224 # So we first build the normal local changeset, then apply it to the
225 # user data, but don't persist it. With this, we generate the object
226 # data for our update activity. We feed this and the changeset as meta
227 # inforation into the pipeline, where they will be properly updated and
228 # federated.
229 with changeset <- User.update_changeset(user, user_params),
230 {:ok, unpersisted_user} <- Ecto.Changeset.apply_action(changeset, :update),
231 updated_object <-
232 Pleroma.Web.ActivityPub.UserView.render("user.json", user: unpersisted_user)
233 |> Map.delete("@context"),
234 {:ok, update_data, []} <- Builder.update(user, updated_object),
235 {:ok, _update, _} <-
236 Pipeline.common_pipeline(update_data,
237 local: true,
238 user_update_changeset: changeset
239 ) do
240 render(conn, "show.json",
241 user: unpersisted_user,
242 for: unpersisted_user,
243 with_pleroma_settings: true
244 )
245 else
246 _e -> render_error(conn, :forbidden, "Invalid request")
247 end
248 end
249
250 defp normalize_fields_attributes(fields) do
251 if Enum.all?(fields, &is_tuple/1) do
252 Enum.map(fields, fn {_, v} -> v end)
253 else
254 Enum.map(fields, fn
255 %{} = field -> %{"name" => field.name, "value" => field.value}
256 field -> field
257 end)
258 end
259 end
260
261 @doc "GET /api/v1/accounts/relationships"
262 def relationships(%{assigns: %{user: user}} = conn, %{id: id}) do
263 targets = User.get_all_by_ids(List.wrap(id))
264
265 render(conn, "relationships.json", user: user, targets: targets)
266 end
267
268 # Instead of returning a 400 when no "id" params is present, Mastodon returns an empty array.
269 def relationships(%{assigns: %{user: _user}} = conn, _), do: json(conn, [])
270
271 @doc "GET /api/v1/accounts/:id"
272 def show(%{assigns: %{user: for_user}} = conn, %{id: nickname_or_id}) do
273 with %User{} = user <- User.get_cached_by_nickname_or_id(nickname_or_id, for: for_user),
274 :visible <- User.visible_for(user, for_user) do
275 render(conn, "show.json", user: user, for: for_user)
276 else
277 error -> user_visibility_error(conn, error)
278 end
279 end
280
281 @doc "GET /api/v1/accounts/:id/statuses"
282 def statuses(%{assigns: %{user: reading_user}} = conn, params) do
283 with %User{} = user <- User.get_cached_by_nickname_or_id(params.id, for: reading_user),
284 :visible <- User.visible_for(user, reading_user) do
285 params =
286 params
287 |> Map.delete(:tagged)
288 |> Map.put(:tag, params[:tagged])
289
290 activities = ActivityPub.fetch_user_activities(user, reading_user, params)
291
292 conn
293 |> add_link_headers(activities)
294 |> put_view(StatusView)
295 |> render("index.json",
296 activities: activities,
297 for: reading_user,
298 as: :activity,
299 with_muted: Map.get(params, :with_muted, false)
300 )
301 else
302 error -> user_visibility_error(conn, error)
303 end
304 end
305
306 defp user_visibility_error(conn, error) do
307 case error do
308 :restrict_unauthenticated ->
309 render_error(conn, :unauthorized, "This API requires an authenticated user")
310
311 _ ->
312 render_error(conn, :not_found, "Can't find user")
313 end
314 end
315
316 @doc "GET /api/v1/accounts/:id/followers"
317 def followers(%{assigns: %{user: for_user, account: user}} = conn, params) do
318 params =
319 params
320 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
321 |> Enum.into(%{})
322
323 followers =
324 cond do
325 for_user && user.id == for_user.id -> MastodonAPI.get_followers(user, params)
326 user.hide_followers -> []
327 true -> MastodonAPI.get_followers(user, params)
328 end
329
330 conn
331 |> add_link_headers(followers)
332 # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
333 |> render("index.json",
334 for: for_user,
335 users: followers,
336 as: :user,
337 embed_relationships: embed_relationships?(params)
338 )
339 end
340
341 @doc "GET /api/v1/accounts/:id/following"
342 def following(%{assigns: %{user: for_user, account: user}} = conn, params) do
343 params =
344 params
345 |> Enum.map(fn {key, value} -> {to_string(key), value} end)
346 |> Enum.into(%{})
347
348 followers =
349 cond do
350 for_user && user.id == for_user.id -> MastodonAPI.get_friends(user, params)
351 user.hide_follows -> []
352 true -> MastodonAPI.get_friends(user, params)
353 end
354
355 conn
356 |> add_link_headers(followers)
357 # https://git.pleroma.social/pleroma/pleroma-fe/-/issues/838#note_59223
358 |> render("index.json",
359 for: for_user,
360 users: followers,
361 as: :user,
362 embed_relationships: embed_relationships?(params)
363 )
364 end
365
366 @doc "GET /api/v1/accounts/:id/lists"
367 def lists(%{assigns: %{user: user, account: account}} = conn, _params) do
368 lists = Pleroma.List.get_lists_account_belongs(user, account)
369
370 conn
371 |> put_view(ListView)
372 |> render("index.json", lists: lists)
373 end
374
375 @doc "POST /api/v1/accounts/:id/follow"
376 def follow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
377 {:error, "Can not follow yourself"}
378 end
379
380 def follow(%{body_params: params, assigns: %{user: follower, account: followed}} = conn, _) do
381 with {:ok, follower} <- MastodonAPI.follow(follower, followed, params) do
382 render(conn, "relationship.json", user: follower, target: followed)
383 else
384 {:error, message} -> json_response(conn, :forbidden, %{error: message})
385 end
386 end
387
388 @doc "POST /api/v1/accounts/:id/unfollow"
389 def unfollow(%{assigns: %{user: %{id: id}, account: %{id: id}}}, _params) do
390 {:error, "Can not unfollow yourself"}
391 end
392
393 def unfollow(%{assigns: %{user: follower, account: followed}} = conn, _params) do
394 with {:ok, follower} <- CommonAPI.unfollow(follower, followed) do
395 render(conn, "relationship.json", user: follower, target: followed)
396 end
397 end
398
399 @doc "POST /api/v1/accounts/:id/mute"
400 def mute(%{assigns: %{user: muter, account: muted}, body_params: params} = conn, _params) do
401 with {:ok, _user_relationships} <- User.mute(muter, muted, params) do
402 render(conn, "relationship.json", user: muter, target: muted)
403 else
404 {:error, message} -> json_response(conn, :forbidden, %{error: message})
405 end
406 end
407
408 @doc "POST /api/v1/accounts/:id/unmute"
409 def unmute(%{assigns: %{user: muter, account: muted}} = conn, _params) do
410 with {:ok, _user_relationships} <- User.unmute(muter, muted) do
411 render(conn, "relationship.json", user: muter, target: muted)
412 else
413 {:error, message} -> json_response(conn, :forbidden, %{error: message})
414 end
415 end
416
417 @doc "POST /api/v1/accounts/:id/block"
418 def block(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
419 with {:ok, _activity} <- CommonAPI.block(blocker, blocked) do
420 render(conn, "relationship.json", user: blocker, target: blocked)
421 else
422 {:error, message} -> json_response(conn, :forbidden, %{error: message})
423 end
424 end
425
426 @doc "POST /api/v1/accounts/:id/unblock"
427 def unblock(%{assigns: %{user: blocker, account: blocked}} = conn, _params) do
428 with {:ok, _activity} <- CommonAPI.unblock(blocker, blocked) do
429 render(conn, "relationship.json", user: blocker, target: blocked)
430 else
431 {:error, message} -> json_response(conn, :forbidden, %{error: message})
432 end
433 end
434
435 @doc "POST /api/v1/follows"
436 def follow_by_uri(%{body_params: %{uri: uri}} = conn, _) do
437 case User.get_cached_by_nickname(uri) do
438 %User{} = user ->
439 conn
440 |> assign(:account, user)
441 |> follow(%{})
442
443 nil ->
444 {:error, :not_found}
445 end
446 end
447
448 @doc "GET /api/v1/mutes"
449 def mutes(%{assigns: %{user: user}} = conn, params) do
450 users =
451 user
452 |> User.muted_users_relation(_restrict_deactivated = true)
453 |> Pleroma.Pagination.fetch_paginated(Map.put(params, :skip_order, true))
454
455 conn
456 |> add_link_headers(users)
457 |> render("index.json", users: users, for: user, as: :user)
458 end
459
460 @doc "GET /api/v1/blocks"
461 def blocks(%{assigns: %{user: user}} = conn, params) do
462 users =
463 user
464 |> User.blocked_users_relation(_restrict_deactivated = true)
465 |> Pleroma.Pagination.fetch_paginated(Map.put(params, :skip_order, true))
466
467 conn
468 |> add_link_headers(users)
469 |> render("index.json", users: users, for: user, as: :user)
470 end
471
472 @doc "GET /api/v1/endorsements"
473 def endorsements(conn, params), do: MastodonAPIController.empty_array(conn, params)
474
475 @doc "GET /api/v1/identity_proofs"
476 def identity_proofs(conn, params), do: MastodonAPIController.empty_array(conn, params)
477 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git