mastodon api: add support for user-supplied html policy
authorWilliam Pitcock <nenolod@dereferenced.org>
Sat, 22 Sep 2018 02:14:25 +0000 (02:14 +0000)
committerWilliam Pitcock <nenolod@dereferenced.org>
Sat, 22 Sep 2018 02:53:02 +0000 (02:53 +0000)
lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
lib/pleroma/web/mastodon_api/views/account_view.ex
lib/pleroma/web/mastodon_api/views/status_view.ex

index 3d292182d4ed9fc629831f6f9cf8ec18d9339339..47ae61b5b5ec5941440f8b713cefdf4fd7245e95 100644 (file)
@@ -98,7 +98,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
         CommonAPI.update(user)
       end
 
-      json(conn, AccountView.render("account.json", %{user: user}))
+      json(conn, AccountView.render("account.json", %{user: user, for: user}))
     else
       _e ->
         conn
@@ -108,13 +108,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   end
 
   def verify_credentials(%{assigns: %{user: user}} = conn, _) do
-    account = AccountView.render("account.json", %{user: user})
+    account = AccountView.render("account.json", %{user: user, for: user})
     json(conn, account)
   end
 
-  def user(conn, %{"id" => id}) do
+  def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do
     with %User{} = user <- Repo.get(User, id) do
-      account = AccountView.render("account.json", %{user: user})
+      account = AccountView.render("account.json", %{user: user, for: for_user})
       json(conn, account)
     else
       _e ->
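Review bot: The new head `def user(%{assigns: %{user: for_user}} = conn, %{"id" => id})` only matches when `conn.assigns` already has a `:user` key, so this lookup now depends on whichever plug runs before it. If the route is reachable without authentication and that plug leaves the key unset, the request would fail with a FunctionClauseError instead of returning the account. If the plug sets `user: nil`, then `nil` flows into `for:` and on to the policy lookup. Keeping the old head and reading `for_user = conn.assigns[:user]` in the body would make the anonymous case explicit. The `else` branch continues outside the hunk.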
@@ -588,7 +588,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     with %User{} = followed <- Repo.get_by(User, nickname: uri),
          {:ok, follower} <- User.maybe_direct_follow(follower, followed),
          {:ok, _activity} <- ActivityPub.follow(follower, followed) do
-      render(conn, AccountView, "account.json", %{user: followed})
+      render(conn, AccountView, "account.json", %{user: followed, for: follower})
     else
       {:error, message} ->
         conn
@@ -858,7 +858,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 
     if user && token do
       mastodon_emoji = mastodonized_emoji()
-      accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user}))
+      accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
 
       initial_state =
         %{
@@ -1038,7 +1038,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
           id: id,
           type: "mention",
           created_at: created_at,
-          account: AccountView.render("account.json", %{user: actor}),
+          account: AccountView.render("account.json", %{user: actor, for: user}),
           status: StatusView.render("status.json", %{activity: activity, for: user})
         }
 
@@ -1049,7 +1049,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
           id: id,
           type: "favourite",
           created_at: created_at,
-          account: AccountView.render("account.json", %{user: actor}),
+          account: AccountView.render("account.json", %{user: actor, for: user}),
           status: StatusView.render("status.json", %{activity: liked_activity, for: user})
         }
 
@@ -1060,7 +1060,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
           id: id,
           type: "reblog",
           created_at: created_at,
-          account: AccountView.render("account.json", %{user: actor}),
+          account: AccountView.render("account.json", %{user: actor, for: user}),
           status: StatusView.render("status.json", %{activity: announced_activity, for: user})
         }
 
@@ -1069,7 +1069,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
           id: id,
           type: "follow",
           created_at: created_at,
-          account: AccountView.render("account.json", %{user: actor})
+          account: AccountView.render("account.json", %{user: actor, for: user})
         }
 
       _ ->
index 3c8f93486339711213246f3d3587601424e24c67..96795c4200668dcdc98d390a07455703b5ae1b69 100644 (file)
@@ -10,7 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
     render_many(users, AccountView, "account.json", opts)
   end
 
-  def render("account.json", %{user: user}) do
+  def render("account.json", %{user: user} = opts) do
     image = User.avatar_url(user) |> MediaProxy.url()
     header = User.banner_url(user) |> MediaProxy.url()
     user_info = User.user_info(user)
@@ -33,6 +33,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
       |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
       |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
 
+    bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
+
     %{
       id: to_string(user.id),
       username: username_from_nickname(user.nickname),
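Review bot: `User.html_filter_policy(opts[:for])` on the added `bio =` line makes the sanitiser a per-viewer choice, and `opts[:for]` is `nil` for any caller that does not pass `for:` (callers outside this diff are not visible). `User.html_filter_policy/1` is not part of this diff, so confirm that it falls back to the instance default for `nil` and only ever returns a policy from a fixed set, never a module name built from stored user input. The same applies to the `content =` pipeline added in status_view.ex. A comment above the line would record the contract: `# policy is picked by the viewing user (opts[:for]); nil must fall back to the instance default`. Also check that the two-argument `HTML.filter_tags` still returns `nil` for a `nil` bio, since `note: bio || ""` in the next hunk relies on it.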
@@ -43,7 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
       followers_count: user_info.follower_count,
       following_count: user_info.following_count,
       statuses_count: user_info.note_count,
-      note: HTML.filter_tags(user.bio) || "",
+      note: bio || "",
       url: user.ap_id,
       avatar: image,
       avatar_static: image,
index ffc1051963bd516816974e1939ffaffec15791f9..ef46ba4fc7ac266fd024ae3ab28556026324d0aa 100644 (file)
@@ -122,6 +122,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
         %{shortcode: name, url: url, static_url: url, visible_in_picker: false}
       end)
 
+    content =
+      render_content(object)
+      |> HTML.filter_tags(User.html_filter_policy(opts[:for]))
+
     %{
       id: to_string(activity.id),
       uri: object["id"],
@@ -130,7 +134,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       in_reply_to_id: reply_to && to_string(reply_to.id),
       in_reply_to_account_id: reply_to_user && to_string(reply_to_user.id),
       reblog: nil,
-      content: render_content(object),
+      content: content,
       created_at: created_at,
       reblogs_count: announcement_count,
       replies_count: 0,
@@ -224,7 +228,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
         object["content"]
       end
 
-    HTML.filter_tags(content)
+    content
   end
 
   def render_content(%{"type" => "Article"} = object) do
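Review bot: `render_content/1` stays public, but after this hunk and the next one (the Article clause and the catch-all) it returns `object["content"]` with no filtering, so sanitisation now depends on every caller piping the result through `HTML.filter_tags`. Only the `status.json` call site is updated in this diff, so any other caller of `StatusView.render_content/1` would start returning unfiltered remote HTML to clients. If nothing outside the module uses it, make it `defp`. Otherwise state the new contract on the function, e.g. `@doc "Returns the object's HTML unsanitised; callers must apply HTML.filter_tags/2."`. The body of the first clause starts outside the hunk.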
@@ -237,10 +241,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
         object["content"]
       end
 
-    HTML.filter_tags(content)
+    content
   end
 
-  def render_content(object) do
-    HTML.filter_tags(object["content"])
-  end
+  def render_content(object), do: object["content"]
 end