closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9335 Commits
4 Branches
567 MiB
Tree: 3cc3992d1d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3cc3992d1d'
${ noResults }
mastodon/app/controllers/api/v1/statuses_controller.rb

120 lines
4.6 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Clean up for api/base controller (#3629) * Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
5 years ago
Remove deprecated REST API `GET /api/v1/statuses/:id/card` (#11213)
4 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Unuse ActiveRecord::Base#cache_key (#8185) * Unuse ActiveRecord::Base#cache_key * Enable cache_versioning * Call cache_collection
5 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
闭社树每次只加载两层
4 years ago
删除orig 修改细节 匿名可配置
3 years ago
闭社树每次只加载两层
4 years ago
闭社树根节点只加载一层
4 years ago
Removing failed push notification API, make context loads use cache
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Moving some counter queries out of subqueries in the API
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
匿名使用汉字编号
4 years ago
mask不同天使用不同的编码规则
4 years ago
匿名使用汉字编号
4 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
删除orig 修改细节 匿名可配置
3 years ago
匿名评论有简单数字代号
4 years ago
树洞评论匿名
4 years ago
匿名评论有简单数字代号
4 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add soft delete for statuses for instant deletes through API (#11623) * Add soft delete for statuses to allow them to appear instant * Allow reporting soft-deleted statuses and show them in the admin UI * Change index for getting an account's statuses
4 years ago
Fix remote and staff-removed statuses leaving media behind for a day (#11638) The reason for unattaching media instead of removing it is to support delete & redraft functionality, but remote or staff-removed statuses will never be redrafted, so the media should be deleted immediately
4 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add toot source to delete result to ease Delete & Redraft (#10669) * Return Status with raw text in raw_content when deleting a status * Use raw content if available on delete & redraft * Rename raw_content to text; do not serialize formatted content when source is requested
5 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Fix ActionController::Parameters in API issue
7 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Fix ActionController::Parameters in API issue
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Fix ActionController::Parameters in API issue
7 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Fix unpermitted parameters warning when generating pagination URLs (#6995)
6 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Api::V1::StatusesController < Api::BaseController
  4.   include Authorization
  5. 

  6.   before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
  7.   before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
  8.   before_action :require_user!, except:  [:show, :context]
  9.   before_action :set_status, only:       [:show, :context]
  10.   before_action :set_thread, only:       [:create]
  11. 

  12.   override_rate_limit_headers :create, family: :statuses
  13. 

  14.   # This API was originally unlimited, pagination cannot be introduced without
  15.   # breaking backwards-compatibility. Arbitrarily high number to cover most
  16.   # conversations as quasi-unlimited, it would be too much work to render more
  17.   # than this anyway
  18.   CONTEXT_LIMIT = 4_096

  19. 

  20.   def show
  21.     @status = cache_collection([@status], Status).first
  22.     render json: @status, serializer: REST::StatusSerializer
  23.   end
  24. 

  25.   def context
  26.     ancestors_results   = @status.in_reply_to_id.nil? ? [] : @status.ancestors(CONTEXT_LIMIT, current_account)
  27.     
  28.     treeId = Rails.configuration.x.tree_address.split('/')[-1].to_i
  29.     depth = (@status.id == treeId || (!ancestors_results.empty? && ancestors_results[0].id == treeId)) ? 1 : nil
  30. 

  31.     descendants_results = @status.descendants(CONTEXT_LIMIT, current_account, nil, nil, depth)
  32.     loaded_ancestors    = cache_collection(ancestors_results, Status)
  33.     loaded_descendants  = cache_collection(descendants_results, Status)
  34. 

  35.     @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
  36.     statuses = [@status] + @context.ancestors + @context.descendants
  37. 

  38.     render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
  39.   end
  40. 

  41.   def to_cn(n)
  42.     case Time.new.wday
  43.     when 0, 3

  44.       "秦汉魏晋隋唐宋元明清"[n % 10] + [n % 20873, n % 20899].map{|i| i+0x4e00}.pack('U*')
  45.     when 1, 4, 6

  46.       "甲乙丙丁戊己庚辛壬癸"[n % 10] + [n % 20873, n % 20899].map{|i| i+0x4e00}.pack('U*')
  47.     else
  48.       "鼠牛虎兔龙蛇马羊猴鸡狗猪" [n % 12] + [n % 20873, n % 20899].map{|i| i+0x4e00}.pack('U*')
  49.     end
  50.   end
  51. 

  52.   def create
  53.     p Rails.configuration.x.anon_tag
  54.     anon = Rails.configuration.x.anon_acc && status_params[:status].end_with?(Rails.configuration.x.anon_tag)
  55.     sender = anon ? Account.find(Rails.configuration.x.anon_acc) : current_user.account
  56.     st_text = anon ? ("$#{to_cn(7919**(current_account.id + 1000 * Time.new.day) % 1000000007)}:\n" + status_params[:status][0..4990]) : status_params[:status]
  57. 

  58.     @status = PostStatusService.new.call(sender,
  59.                                          text: st_text,
  60.                                          thread: @thread,
  61.                                          media_ids: status_params[:media_ids],
  62.                                          sensitive: status_params[:sensitive],
  63.                                          spoiler_text: status_params[:spoiler_text],
  64.                                          visibility: status_params[:visibility],
  65.                                          scheduled_at: status_params[:scheduled_at],
  66.                                          application: doorkeeper_token.application,
  67.                                          poll: status_params[:poll],
  68.                                          idempotency: request.headers['Idempotency-Key'],
  69.                                          with_rate_limit: true)
  70. 

  71.     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  72.   end
  73. 

  74.   def destroy
  75.     @status = Status.where(account_id: current_user.account).find(params[:id])
  76.     authorize @status, :destroy?
  77. 

  78.     @status.discard
  79.     RemovalWorker.perform_async(@status.id, redraft: true)
  80. 

  81.     render json: @status, serializer: REST::StatusSerializer, source_requested: true
  82.   end
  83. 

  84.   private
  85. 

  86.   def set_status
  87.     @status = Status.find(params[:id])
  88.     authorize @status, :show?
  89.   rescue Mastodon::NotPermittedError
  90.     not_found
  91.   end
  92. 

  93.   def set_thread
  94.     @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
  95.   rescue ActiveRecord::RecordNotFound
  96.     render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404

  97.   end
  98. 

  99.   def status_params
  100.     params.permit(
  101.       :status,
  102.       :in_reply_to_id,
  103.       :sensitive,
  104.       :spoiler_text,
  105.       :visibility,
  106.       :scheduled_at,
  107.       media_ids: [],
  108.       poll: [
  109.         :multiple,
  110.         :hide_totals,
  111.         :expires_in,
  112.         options: [],
  113.       ]
  114.     )
  115.   end
  116. 

  117.   def pagination_params(core_params)
  118.     params.slice(:limit).permit(:limit).merge(core_params)
  119.   end
  120. end