closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3186 Commits
4 Branches
567 MiB
Tree: 10768aa204
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '10768aa204'
${ noResults }
mastodon/app/controllers/api_controller.rb

104 lines
3.2 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Fixing some bugs, adding pending test examples
8 years ago
API pagination for all collections using Link header
7 years ago
Upgrade to Rails 5.0.0.1
7 years ago
Do not store last visited URL from API controllers (#1330) Sign-in redirects you back to last visited URL, but in case of API requests, this sometimes redirected users to an API URL that, of course, greeted them with an {"error":"The access token is invalid"}
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API
7 years ago
Add validation of media attachments, clean up mastodon-own exception classes
7 years ago
Meaningful validation errors in API response
7 years ago
The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests Adding better errors for the API controllers, posting a simple status works from the frontend now
7 years ago
Improved error handling for FollowRemoteService
7 years ago
Catching more exceptions that slipped through, removing AR logging from production as it's very verbose and not very useful
7 years ago
Add validation of media attachments, clean up mastodon-own exception classes
7 years ago
Add "locked" flag to accounts, prevent blocked users from following, force-unfollow blocked users
7 years ago
Better error message in doorkeeper json response
7 years ago
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API
7 years ago
X-RateLimit-Reset formatted with iso8601
7 years ago
Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limiting to the API
7 years ago
API pagination for all collections using Link header
7 years ago
Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
API pagination for all collections using Link header
7 years ago
API now respects ?limit param as long as it's within 2x default limit
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Rename "publish" to "toot" in english locale, fix lightbox showing old image before loading new one, cache notifications API, fix missing follow button on public profiles
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Avoid dynamic methods due to processing speed (#2080)
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Add digest e-mails
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API
7 years ago
Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Feature conversations muting (#3017) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation
7 years ago
Move timelines API from statuses to its own controller, add a check for resources that require a user context vs those that don't (such as public timeline) /api/v1/statuses/public -> /api/v1/timelines/public /api/v1/statuses/home -> /api/v1/timelines/home /api/v1/statuses/mentions -> /api/v1/timelines/mentions /api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
7 years ago
Feature conversations muting (#3017) * Add <ostatus:conversation /> tag to Atom input/output Only uses ref attribute (not href) because href would be the alternate link that's always included also. Creates new conversation for every non-reply status. Carries over conversation for every reply. Keeps remote URIs verbatim, generates local URIs on the fly like the rest of them. * Conversation muting - prevents notifications that reference a conversation (including replies, favourites, reblogs) from being created. API endpoints /api/v1/statuses/:id/mute and /api/v1/statuses/:id/unmute Currently no way to tell when a status/conversation is muted, so the web UI only has a "disable notifications" button, doesn't work as a toggle * Display "Dismiss notifications" on all statuses in notifications column, not just own * Add "muted" as a boolean attribute on statuses JSON For now always false on contained reblogs, since it's only relevant for statuses returned from the notifications endpoint, which are not nested Remove "Disable notifications" from detailed status view, since it's only relevant in the notifications column * Up max class length * Remove pending test for conversation mute * Add tests, clean up * Rename to "mute conversation" and "unmute conversation" * Raise validation error when trying to mute/unmute status without conversation
7 years ago
Fix #16 - Optimize n+1 queries when checking reblogged/favourited values for status lists in API
7 years ago
Fixing some bugs, adding pending test examples
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class ApiController < ApplicationController
  4.   DEFAULT_STATUSES_LIMIT = 20

  5.   DEFAULT_ACCOUNTS_LIMIT = 40

  6. 

  7.   skip_before_action :verify_authenticity_token
  8.   skip_before_action :store_current_location
  9. 

  10.   before_action :set_rate_limit_headers
  11. 

  12.   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
  13.     render json: { error: e.to_s }, status: 422

  14.   end
  15. 

  16.   rescue_from ActiveRecord::RecordNotFound do
  17.     render json: { error: 'Record not found' }, status: 404

  18.   end
  19. 

  20.   rescue_from Goldfinger::Error do
  21.     render json: { error: 'Remote account could not be resolved' }, status: 422

  22.   end
  23. 

  24.   rescue_from HTTP::Error do
  25.     render json: { error: 'Remote data could not be fetched' }, status: 503

  26.   end
  27. 

  28.   rescue_from OpenSSL::SSL::SSLError do
  29.     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503

  30.   end
  31. 

  32.   rescue_from Mastodon::NotPermittedError do
  33.     render json: { error: 'This action is not allowed' }, status: 403

  34.   end
  35. 

  36.   def doorkeeper_unauthorized_render_options(error: nil)
  37.     { json: { error: (error.try(:description) || 'Not authorized') } }
  38.   end
  39. 

  40.   def doorkeeper_forbidden_render_options(*)
  41.     { json: { error: 'This action is outside the authorized scopes' } }
  42.   end
  43. 

  44.   protected
  45. 

  46.   def set_rate_limit_headers
  47.     return if request.env['rack.attack.throttle_data'].nil?
  48. 

  49.     now        = Time.now.utc
  50.     match_data = request.env['rack.attack.throttle_data']['api']
  51. 

  52.     response.headers['X-RateLimit-Limit']     = match_data[:limit].to_s
  53.     response.headers['X-RateLimit-Remaining'] = (match_data[:limit] - match_data[:count]).to_s
  54.     response.headers['X-RateLimit-Reset']     = (now + (match_data[:period] - now.to_i % match_data[:period])).iso8601(6)
  55.   end
  56. 

  57.   def set_pagination_headers(next_path = nil, prev_path = nil)
  58.     links = []
  59.     links << [next_path, [%w(rel next)]] if next_path
  60.     links << [prev_path, [%w(rel prev)]] if prev_path
  61.     response.headers['Link'] = LinkHeader.new(links)
  62.   end
  63. 

  64.   def limit_param(default_limit)
  65.     return default_limit unless params[:limit]
  66.     [params[:limit].to_i.abs, default_limit * 2].min
  67.   end
  68. 

  69.   def current_resource_owner
  70.     @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
  71.   end
  72. 

  73.   def current_user
  74.     current_resource_owner || super
  75.   rescue ActiveRecord::RecordNotFound
  76.     nil
  77.   end
  78. 

  79.   def require_user!
  80.     current_resource_owner
  81.     set_user_activity
  82.   rescue ActiveRecord::RecordNotFound
  83.     render json: { error: 'This method requires an authenticated user' }, status: 422

  84.   end
  85. 

  86.   def render_empty
  87.     render json: {}, status: 200

  88.   end
  89. 

  90.   def set_maps(statuses) # rubocop:disable Style/AccessorMethodName
  91.     if current_account.nil?
  92.       @reblogs_map    = {}
  93.       @favourites_map = {}
  94.       @mutes_map      = {}
  95.       return
  96.     end
  97. 

  98.     status_ids       = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq
  99.     conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq
  100.     @reblogs_map     = Status.reblogs_map(status_ids, current_account)
  101.     @favourites_map  = Status.favourites_map(status_ids, current_account)
  102.     @mutes_map       = Status.mutes_map(conversation_ids, current_account)
  103.   end
  104. end