closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9353 Commits
4 Branches
567 MiB
Tree: 3dfac8387d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3dfac8387d'
${ noResults }
mastodon/app/controllers/api/v1/statuses_controller.rb

132 lines
4.8 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
更好的匿名
3 years ago
标记匿名标签刷新 超过一天未使用自动刷新
3 years ago
更好的匿名
3 years ago
fix bugs && 匿名可禁言
3 years ago
标记匿名标签刷新 超过一天未使用自动刷新
3 years ago
fix bugs && 匿名可禁言
3 years ago
标记匿名标签刷新 超过一天未使用自动刷新
3 years ago
更好的匿名
3 years ago
fix bugs && 匿名可禁言
3 years ago
更好的匿名
3 years ago
Clean up for api/base controller (#3629) * Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
5 years ago
Remove deprecated REST API `GET /api/v1/statuses/:id/card` (#11213)
4 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Unuse ActiveRecord::Base#cache_key (#8185) * Unuse ActiveRecord::Base#cache_key * Enable cache_versioning * Call cache_collection
5 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
闭社树每次只加载两层
4 years ago
删除orig 修改细节 匿名可配置
3 years ago
闭社树每次只加载两层
4 years ago
闭社树根节点只加载一层
4 years ago
Removing failed push notification API, make context loads use cache
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Moving some counter queries out of subqueries in the API
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
fix bugs && 匿名可禁言
3 years ago
删除orig 修改细节 匿名可配置
3 years ago
更好的匿名
3 years ago
匿名评论有简单数字代号
4 years ago
树洞评论匿名
4 years ago
匿名评论有简单数字代号
4 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add soft delete for statuses for instant deletes through API (#11623) * Add soft delete for statuses to allow them to appear instant * Allow reporting soft-deleted statuses and show them in the admin UI * Change index for getting an account's statuses
4 years ago
Fix remote and staff-removed statuses leaving media behind for a day (#11638) The reason for unattaching media instead of removing it is to support delete & redraft functionality, but remote or staff-removed statuses will never be redrafted, so the media should be deleted immediately
4 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add toot source to delete result to ease Delete & Redraft (#10669) * Return Status with raw text in raw_content when deleting a status * Use raw content if available on delete & redraft * Rename raw_content to text; do not serialize formatted content when source is requested
5 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Fix ActionController::Parameters in API issue
7 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Fix ActionController::Parameters in API issue
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Fix ActionController::Parameters in API issue
7 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Fix unpermitted parameters warning when generating pagination URLs (#6995)
6 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class AnonTag
  4.   @@namelist = (f = Rails.configuration.x.anon_namelist) ? File.readlines(f).collect(&:strip) : ['Alice', 'Bob', 'Carol', 'Dave']
  5.   @@used_name = []
  6.   @@map = {}
  7.   @@last_use = Time.now
  8. 

  9.   def self.get_or_generate(pid, note)
  10.     if Time.now - @@last_use > 1.day
  11.       @@map = {}
  12.       @@used_name = []
  13.     end
  14.     @@last_use = Time.now
  15. 

  16.     pre = @@map.empty? ? '*' : ''
  17. 

  18.     if !@@map[pid]
  19.       @@map[pid] = (@@namelist - @@used_name).sample()
  20.       @@used_name.append(@@map[pid])
  21.     end
  22.     @@map[pid].in?(note) ? nil : pre + @@map[pid]
  23.   end
  24. 

  25. end
  26. 

  27. class Api::V1::StatusesController < Api::BaseController
  28.   include Authorization
  29. 

  30.   before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
  31.   before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
  32.   before_action :require_user!, except:  [:show, :context]
  33.   before_action :set_status, only:       [:show, :context]
  34.   before_action :set_thread, only:       [:create]
  35. 

  36.   override_rate_limit_headers :create, family: :statuses
  37. 

  38.   # This API was originally unlimited, pagination cannot be introduced without
  39.   # breaking backwards-compatibility. Arbitrarily high number to cover most
  40.   # conversations as quasi-unlimited, it would be too much work to render more
  41.   # than this anyway
  42.   CONTEXT_LIMIT = 4_096

  43. 

  44.   def show
  45.     @status = cache_collection([@status], Status).first
  46.     render json: @status, serializer: REST::StatusSerializer
  47.   end
  48. 

  49.   def context
  50.     ancestors_results   = @status.in_reply_to_id.nil? ? [] : @status.ancestors(CONTEXT_LIMIT, current_account)
  51.     
  52.     treeId = Rails.configuration.x.tree_address.split('/')[-1].to_i
  53.     depth = (@status.id == treeId || (!ancestors_results.empty? && ancestors_results[0].id == treeId)) ? 1 : nil
  54. 

  55.     descendants_results = @status.descendants(CONTEXT_LIMIT, current_account, nil, nil, depth)
  56.     loaded_ancestors    = cache_collection(ancestors_results, Status)
  57.     loaded_descendants  = cache_collection(descendants_results, Status)
  58. 

  59.     @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
  60.     statuses = [@status] + @context.ancestors + @context.descendants
  61. 

  62.     render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
  63.   end
  64. 

  65.   def create
  66.     anon = Rails.configuration.x.anon_acc && status_params[:status].end_with?(Rails.configuration.x.anon_tag) && AnonTag.get_or_generate(current_user.account_id, Account.find(Rails.configuration.x.anon_acc).note) 
  67.     sender = anon ? Account.find(Rails.configuration.x.anon_acc) : current_user.account
  68.     st_text = anon ? ("[#{anon}]:\n#{status_params[:status]}"[0..5000]) : status_params[:status]
  69. 

  70.     @status = PostStatusService.new.call(sender,
  71.                                          text: st_text,
  72.                                          thread: @thread,
  73.                                          media_ids: status_params[:media_ids],
  74.                                          sensitive: status_params[:sensitive],
  75.                                          spoiler_text: status_params[:spoiler_text],
  76.                                          visibility: status_params[:visibility],
  77.                                          scheduled_at: status_params[:scheduled_at],
  78.                                          application: doorkeeper_token.application,
  79.                                          poll: status_params[:poll],
  80.                                          idempotency: request.headers['Idempotency-Key'],
  81.                                          with_rate_limit: true)
  82. 

  83.     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  84.   end
  85. 

  86.   def destroy
  87.     @status = Status.where(account_id: current_user.account).find(params[:id])
  88.     authorize @status, :destroy?
  89. 

  90.     @status.discard
  91.     RemovalWorker.perform_async(@status.id, redraft: true)
  92. 

  93.     render json: @status, serializer: REST::StatusSerializer, source_requested: true
  94.   end
  95. 

  96.   private
  97. 

  98.   def set_status
  99.     @status = Status.find(params[:id])
  100.     authorize @status, :show?
  101.   rescue Mastodon::NotPermittedError
  102.     not_found
  103.   end
  104. 

  105.   def set_thread
  106.     @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
  107.   rescue ActiveRecord::RecordNotFound
  108.     render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404

  109.   end
  110. 

  111.   def status_params
  112.     params.permit(
  113.       :status,
  114.       :in_reply_to_id,
  115.       :sensitive,
  116.       :spoiler_text,
  117.       :visibility,
  118.       :scheduled_at,
  119.       media_ids: [],
  120.       poll: [
  121.         :multiple,
  122.         :hide_totals,
  123.         :expires_in,
  124.         options: [],
  125.       ]
  126.     )
  127.   end
  128. 

  129.   def pagination_params(core_params)
  130.     params.slice(:limit).permit(:limit).merge(core_params)
  131.   end
  132. end