closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3565 Commits
4 Branches
567 MiB
Tree: 0c7c188c45
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0c7c188c45'
${ noResults }
mastodon/app/controllers/api/base_controller.rb

93 lines
2.7 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Clean up for api/base controller (#3629) * Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
7 years ago
API pagination for all collections using Link header
7 years ago
Coverage improvement and concern extraction for rate limit headers in API controller (#3625) * Coverage for rate limit headers * Move rate limit headers methods to concern * Move throttle check to condition on before_action * Move match_data variable into method * Move utc timestamp to separate method * Move header setting into smaller methods * specs cleanup
7 years ago
Upgrade to Rails 5.0.0.1
7 years ago
Do not store last visited URL from API controllers (#1330) Sign-in redirects you back to last visited URL, but in case of API requests, this sometimes redirected users to an API URL that, of course, greeted them with an {"error":"The access token is invalid"}
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Add validation of media attachments, clean up mastodon-own exception classes
7 years ago
Meaningful validation errors in API response
7 years ago
The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests Adding better errors for the API controllers, posting a simple status works from the frontend now
7 years ago
Improved error handling for FollowRemoteService
7 years ago
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful
7 years ago
Add validation of media attachments, clean up mastodon-own exception classes
7 years ago
Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users
7 years ago
Better error message in doorkeeper json response
7 years ago
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
API pagination for all collections using Link header
7 years ago
Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
API pagination for all collections using Link header
7 years ago
API now respects ?limit param as long as it's within 2x default limit
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Rename "publish" to "toot" in english locale, fix lightbox showing old image before loading new one, cache notifications API, fix missing follow button on public profiles
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Avoid dynamic methods due to processing speed (#2080)
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Add digest e-mails
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API
7 years ago
Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Feature conversations muting (#3017) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Feature conversations muting (#3017) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation
7 years ago
Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API
7 years ago
Fixing some bugs, adding pending test examples
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Api::BaseController < ApplicationController
  4.   DEFAULT_STATUSES_LIMIT = 20

  5.   DEFAULT_ACCOUNTS_LIMIT = 40

  6. 

  7.   include RateLimitHeaders
  8. 

  9.   skip_before_action :verify_authenticity_token
  10.   skip_before_action :store_current_location
  11. 

  12.   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
  13.     render json: { error: e.to_s }, status: 422

  14.   end
  15. 

  16.   rescue_from ActiveRecord::RecordNotFound do
  17.     render json: { error: 'Record not found' }, status: 404

  18.   end
  19. 

  20.   rescue_from Goldfinger::Error do
  21.     render json: { error: 'Remote account could not be resolved' }, status: 422

  22.   end
  23. 

  24.   rescue_from HTTP::Error do
  25.     render json: { error: 'Remote data could not be fetched' }, status: 503

  26.   end
  27. 

  28.   rescue_from OpenSSL::SSL::SSLError do
  29.     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503

  30.   end
  31. 

  32.   rescue_from Mastodon::NotPermittedError do
  33.     render json: { error: 'This action is not allowed' }, status: 403

  34.   end
  35. 

  36.   def doorkeeper_unauthorized_render_options(error: nil)
  37.     { json: { error: (error.try(:description) || 'Not authorized') } }
  38.   end
  39. 

  40.   def doorkeeper_forbidden_render_options(*)
  41.     { json: { error: 'This action is outside the authorized scopes' } }
  42.   end
  43. 

  44.   protected
  45. 

  46.   def set_pagination_headers(next_path = nil, prev_path = nil)
  47.     links = []
  48.     links << [next_path, [%w(rel next)]] if next_path
  49.     links << [prev_path, [%w(rel prev)]] if prev_path
  50.     response.headers['Link'] = LinkHeader.new(links)
  51.   end
  52. 

  53.   def limit_param(default_limit)
  54.     return default_limit unless params[:limit]
  55.     [params[:limit].to_i.abs, default_limit * 2].min
  56.   end
  57. 

  58.   def current_resource_owner
  59.     @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
  60.   end
  61. 

  62.   def current_user
  63.     current_resource_owner || super
  64.   rescue ActiveRecord::RecordNotFound
  65.     nil
  66.   end
  67. 

  68.   def require_user!
  69.     current_resource_owner
  70.     set_user_activity
  71.   rescue ActiveRecord::RecordNotFound
  72.     render json: { error: 'This method requires an authenticated user' }, status: 422

  73.   end
  74. 

  75.   def render_empty
  76.     render json: {}, status: 200

  77.   end
  78. 

  79.   def set_maps(statuses) # rubocop:disable Style/AccessorMethodName
  80.     if current_account.nil?
  81.       @reblogs_map    = {}
  82.       @favourites_map = {}
  83.       @mutes_map      = {}
  84.       return
  85.     end
  86. 

  87.     status_ids       = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq
  88.     conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq
  89.     @reblogs_map     = Status.reblogs_map(status_ids, current_account)
  90.     @favourites_map  = Status.favourites_map(status_ids, current_account)
  91.     @mutes_map       = Status.mutes_map(conversation_ids, current_account)
  92.   end
  93. end