require Logger
require Pleroma.Constants
- when action in [:user_statuses, :get_status, :get_context, :status_card, :get_poll]
+ plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
+
+ @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read"], skip_instance_privacy_check: true} when action == :index
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:accounts"]}
+ # Note: the following actions are not permission-secured in Mastodon:
+ when action in [
+ :put_settings,
+ :update_avatar,
+ :update_banner,
+ :update_background,
+ :set_mascot
+ ]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:accounts"]}
+ when action in [:pin_status, :unpin_status, :update_credentials]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:statuses"]}
+ when action in [
+ :conversations,
+ :scheduled_statuses,
+ :show_scheduled_status,
+ :home_timeline,
+ :dm_timeline
+ ]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{@unauthenticated_access | scopes: ["read:statuses"]}
++ when action in [
++ :user_statuses,
++ :get_statuses,
++ :get_status,
++ :get_context,
++ :status_card,
++ :get_poll
++ ]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:statuses"]}
+ when action in [
+ :update_scheduled_status,
+ :delete_scheduled_status,
+ :post_status,
+ :delete_status,
+ :reblog_status,
+ :unreblog_status,
+ :poll_vote
+ ]
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["write:conversations"]} when action == :conversation_read)
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:accounts"]}
+ when action in [:endorsements, :verify_credentials, :followers, :following, :get_mascot]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{@unauthenticated_access | scopes: ["read:accounts"]}
+ when action in [:user, :favourited_by, :reblogged_by]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:favourites"]} when action in [:favourites, :user_favourites]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:favourites"]} when action in [:fav_status, :unfav_status]
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["read:filters"]} when action in [:get_filters, :get_filter])
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:filters"]} when action in [:create_filter, :update_filter, :delete_filter]
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action in [:account_lists, :list_timeline])
+
+ plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read:notifications"]} when action in [:notifications, :get_notification]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:notifications"]}
+ when action in [:clear_notifications, :dismiss_notification, :destroy_multiple_notifications]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:reports"]}
+ when action in [:create_report, :report_update_state, :report_respond]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["follow", "read:blocks"]} when action in [:blocks, :domain_blocks]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["follow", "write:blocks"]}
+ when action in [:block, :unblock, :block_domain, :unblock_domain]
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
+ plug(OAuthScopesPlug, %{scopes: ["follow", "read:follows"]} when action == :follow_requests)
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["follow", "write:follows"]}
+ when action in [
+ :follow,
+ :unfollow,
+ :subscribe,
+ :unsubscribe,
+ :authorize_follow_request,
+ :reject_follow_request
+ ]
+ )
+
+ plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
+ plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:mutes"]} when action in [:mute_conversation, :unmute_conversation]
+ )
+
+ # Note: scopes not present in Mastodon: read:bookmarks, write:bookmarks
+ plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["write:bookmarks"]} when action in [:bookmark_status, :unbookmark_status]
+ )
+
@rate_limited_relations_actions ~w(follow unfollow)a
@rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status
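Review bot: `:public_timeline` and `:hashtag_timeline` get no `OAuthScopesPlug` clause anywhere in this plug list, although the router hunk in the same commit moves both routes out of the `:oauth_read_or_public` pipeline onto the bare `:api` pipeline; if that pipeline used to demand a `read` scope from token-bearing requests, these two actions now skip the scope check entirely and only the `EnsurePublicOrAuthenticatedPlug` declared at the top of the hunk applies. Adding `:public_timeline,` and `:hashtag_timeline,` to the `%{@unauthenticated_access | scopes: ["read:statuses"]}` clause would preserve the previous behaviour for authenticated clients while still allowing anonymous reads. Separately, the comment `# Note: the following actions are not permission-secured in Mastodon:` sits between the scopes map and the `when` guard inside the `plug(...)` call; placing it on the line above `plug(` reads more naturally. The `:oauth_read_or_public` pipeline definition is not in this excerpt, so the first point is inferred from the router change rather than verified.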
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api)
- scope [] do
- pipe_through(:oauth_write)
-
- post("/change_email", UtilController, :change_email)
- post("/change_password", UtilController, :change_password)
- post("/delete_account", UtilController, :delete_account)
- put("/notification_settings", UtilController, :update_notificaton_settings)
- post("/disable_account", UtilController, :disable_account)
- end
++ post("/change_email", UtilController, :change_email)
+ post("/change_password", UtilController, :change_password)
+ post("/delete_account", UtilController, :delete_account)
+ put("/notification_settings", UtilController, :update_notificaton_settings)
+ post("/disable_account", UtilController, :disable_account)
- scope [] do
- pipe_through(:oauth_follow)
-
- post("/blocks_import", UtilController, :blocks_import)
- post("/follow_import", UtilController, :follow_import)
- end
+ post("/blocks_import", UtilController, :blocks_import)
+ post("/follow_import", UtilController, :follow_import)
end
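Review bot: The nested `:oauth_write` and `:oauth_follow` pipelines are dropped for `change_email`, `change_password`, `delete_account`, `notification_settings`, `disable_account`, `blocks_import` and `follow_import`, so scope enforcement for these account-changing endpoints now rests entirely on `OAuthScopesPlug` declarations in `UtilController`, which are not part of this excerpt. Worth confirming that controller carries the matching clauses (presumably `%{scopes: ["write:accounts"]}` for the first five and the `"follow"`-prefixed write scopes for the two import actions, following the naming used in the MastodonAPIController hunk) before this router change lands, since a missing clause would leave them gated only by `:authenticated_api`. The pre-existing action name `:update_notificaton_settings` carries a typo (`notificaton`) that this commit leaves untouched; renaming it together with the controller function would be a separate cleanup.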
scope "/oauth", Pleroma.Web.OAuth do
scope "/api/v1", Pleroma.Web.MastodonAPI do
pipe_through(:api)
-- post("/accounts", MastodonAPIController, :account_register)
--
get("/instance", MastodonAPIController, :masto_instance)
get("/instance/peers", MastodonAPIController, :peers)
++
post("/apps", MastodonAPIController, :create_app)
get("/apps/verify_credentials", MastodonAPIController, :verify_app_credentials)
-- get("/custom_emojis", MastodonAPIController, :custom_emojis)
-
- get("/statuses/:id/card", MastodonAPIController, :status_card)
- get("/statuses/:id/card", MastodonAPIController, :status_card)
-
-- get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by)
-- get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by)
++ get("/custom_emojis", MastodonAPIController, :custom_emojis)
get("/trends", MastodonAPIController, :empty_array)
get("/accounts/search", SearchController, :account_search)
-- post(
-- "/pleroma/accounts/confirmation_resend",
-- MastodonAPIController,
-- :account_confirmation_resend
-- )
--
- scope [] do
- pipe_through(:oauth_read_or_public)
+ get("/timelines/public", MastodonAPIController, :public_timeline)
+ get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
-
- get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
-
- get("/search", SearchController, :search)
++ get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
- get("/timelines/public", MastodonAPIController, :public_timeline)
- get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
- get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
+ get("/polls/:id", MastodonAPIController, :get_poll)
- get("/statuses", MastodonAPIController, :get_statuses)
- get("/statuses/:id", MastodonAPIController, :get_status)
- get("/statuses/:id/context", MastodonAPIController, :get_context)
++ post("/accounts", MastodonAPIController, :account_register)
++ get("/accounts/:id", MastodonAPIController, :user)
+ get("/accounts/:id/followers", MastodonAPIController, :followers)
+ get("/accounts/:id/following", MastodonAPIController, :following)
++ get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
- get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)
-
- get("/accounts/:id", MastodonAPIController, :user)
- get("/polls/:id", MastodonAPIController, :get_poll)
++ get("/search", SearchController, :search)
- get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
- get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
- get("/accounts/:id/followers", MastodonAPIController, :followers)
- get("/accounts/:id/following", MastodonAPIController, :following)
- get("/accounts/:id", MastodonAPIController, :user)
++ get("/statuses", MastodonAPIController, :get_statuses)
+ get("/statuses/:id", MastodonAPIController, :get_status)
+ get("/statuses/:id/context", MastodonAPIController, :get_context)
++ get("/statuses/:id/card", MastodonAPIController, :status_card)
++ get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by)
++ get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by)
+
- get("/search", SearchController, :search)
++ get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
+
- get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
- end
++ post(
++ "/pleroma/accounts/confirmation_resend",
++ MastodonAPIController,
++ :account_confirmation_resend
++ )
end
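Review bot: `/accounts/:id/followers` and `/accounts/:id/following` move from the `:oauth_read_or_public` scope onto the plain `:api` pipeline, but the controller clause this commit gives them is `%{scopes: ["read:accounts"]} when action in [..., :followers, :following, ...]` without the `@unauthenticated_access` fallback, whereas `:user`, `:favourited_by` and `:reblogged_by` do get it. If the old pipeline let anonymous clients read follower lists, as its name suggests, this hunk silently tightens those two endpoints; either that is intended and deserves a sentence in the commit message, or they belong in the fallback clause: `when action in [:user, :favourited_by, :reblogged_by, :followers, :following]`. The `/search` and `/accounts/search` routes land on `SearchController`, whose scope plugs are outside this excerpt, so the same check applies there.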
scope "/api/v2", Pleroma.Web.MastodonAPI do