Merge branch 'migration-fixes-20' into 'develop'
[akkoma] / lib / pleroma / web / twitter_api / controllers / remote_follow_controller.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
6 use Pleroma.Web, :controller
7
8 require Logger
9
10 alias Pleroma.Activity
11 alias Pleroma.Object.Fetcher
12 alias Pleroma.Plugs.OAuthScopesPlug
13 alias Pleroma.User
14 alias Pleroma.Web.Auth.Authenticator
15 alias Pleroma.Web.CommonAPI
16
17 @status_types ["Article", "Event", "Note", "Video", "Page", "Question"]
18
19 # Note: follower can submit the form (with password auth) not being signed in (having no token)
20 plug(
21 OAuthScopesPlug,
22 %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
23 when action in [:do_follow]
24 )
25
26 # GET /ostatus_subscribe
27 #
28 def follow(%{assigns: %{user: user}} = conn, %{"acct" => acct}) do
29 case is_status?(acct) do
30 true -> follow_status(conn, user, acct)
31 _ -> follow_account(conn, user, acct)
32 end
33 end
34
35 defp follow_status(conn, _user, acct) do
36 with {:ok, object} <- Fetcher.fetch_object_from_id(acct),
37 %Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object.data["id"]) do
38 redirect(conn, to: o_status_path(conn, :notice, activity_id))
39 else
40 error ->
41 handle_follow_error(conn, error)
42 end
43 end
44
45 defp follow_account(conn, user, acct) do
46 with {:ok, followee} <- User.get_or_fetch(acct) do
47 render(conn, follow_template(user), %{error: false, followee: followee, acct: acct})
48 else
49 {:error, _reason} ->
50 render(conn, follow_template(user), %{error: :error})
51 end
52 end
53
54 defp follow_template(%User{} = _user), do: "follow.html"
55 defp follow_template(_), do: "follow_login.html"
56
57 defp is_status?(acct) do
58 case Fetcher.fetch_and_contain_remote_object_from_id(acct) do
59 {:ok, %{"type" => type}} when type in @status_types ->
60 true
61
62 _ ->
63 false
64 end
65 end
66
67 # POST /ostatus_subscribe
68 #
69 def do_follow(%{assigns: %{user: %User{} = user}} = conn, %{"user" => %{"id" => id}}) do
70 with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
71 {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
72 redirect(conn, to: "/users/#{followee.id}")
73 else
74 error ->
75 handle_follow_error(conn, error)
76 end
77 end
78
79 def do_follow(conn, %{"authorization" => %{"name" => _, "password" => _, "id" => id}}) do
80 with {:fetch_user, %User{} = followee} <- {:fetch_user, User.get_cached_by_id(id)},
81 {_, {:ok, user}, _} <- {:auth, Authenticator.get_user(conn), followee},
82 {:ok, _, _, _} <- CommonAPI.follow(user, followee) do
83 redirect(conn, to: "/users/#{followee.id}")
84 else
85 error ->
86 handle_follow_error(conn, error)
87 end
88 end
89
90 def do_follow(%{assigns: %{user: nil}} = conn, _) do
91 Logger.debug("Insufficient permissions: follow | write:follows.")
92 render(conn, "followed.html", %{error: "Insufficient permissions: follow | write:follows."})
93 end
94
95 defp handle_follow_error(conn, {:auth, _, followee} = _) do
96 render(conn, "follow_login.html", %{error: "Wrong username or password", followee: followee})
97 end
98
99 defp handle_follow_error(conn, {:fetch_user, error} = _) do
100 Logger.debug("Remote follow failed with error #{inspect(error)}")
101 render(conn, "followed.html", %{error: "Could not find user"})
102 end
103
104 defp handle_follow_error(conn, {:error, "Could not follow user:" <> _} = _) do
105 render(conn, "followed.html", %{error: "Error following account"})
106 end
107
108 defp handle_follow_error(conn, error) do
109 Logger.debug("Remote follow failed with error #{inspect(error)}")
110 render(conn, "followed.html", %{error: "Something went wrong."})
111 end
112 end