You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

232 lines
7.1 KiB

8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
8 years ago
  1. # frozen_string_literal: true
  2. class ApplicationController < ActionController::Base
  3. # Prevent CSRF attacks by raising an exception.
  4. # For APIs, you may want to use :null_session instead.
  5. protect_from_forgery with: :exception
  6. force_ssl if: :https_enabled?
  7. include Localized
  8. include UserTrackingConcern
  9. include SessionTrackingConcern
  10. helper_method :current_account
  11. helper_method :current_session
  12. helper_method :current_flavour
  13. helper_method :current_skin
  14. helper_method :single_user_mode?
  15. helper_method :use_seamless_external_login?
  16. rescue_from ActionController::RoutingError, with: :not_found
  17. rescue_from ActiveRecord::RecordNotFound, with: :not_found
  18. rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
  19. rescue_from ActionController::UnknownFormat, with: :not_acceptable
  20. rescue_from Mastodon::NotPermittedError, with: :forbidden
  21. before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
  22. before_action :check_user_permissions, if: :user_signed_in?
  23. def raise_not_found
  24. raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
  25. end
  26. private
  27. def https_enabled?
  28. Rails.env.production?
  29. end
  30. def store_current_location
  31. store_location_for(:user, request.url) unless request.format == :json
  32. end
  33. def require_admin!
  34. forbidden unless current_user&.admin?
  35. end
  36. def require_staff!
  37. forbidden unless current_user&.staff?
  38. end
  39. def check_user_permissions
  40. forbidden if current_user.disabled? || current_user.account.suspended?
  41. end
  42. def after_sign_out_path_for(_resource_or_scope)
  43. new_user_session_path
  44. end
  45. def pack(data, pack_name, skin = 'default')
  46. return nil unless pack?(data, pack_name)
  47. pack_data = {
  48. common: pack_name == 'common' ? nil : resolve_pack(data['name'] ? Themes.instance.flavour(current_flavour) : Themes.instance.core, 'common', skin),
  49. flavour: data['name'],
  50. pack: pack_name,
  51. preload: nil,
  52. skin: nil,
  53. supported_locales: data['locales'],
  54. }
  55. if data['pack'][pack_name].is_a?(Hash)
  56. pack_data[:common] = nil if data['pack'][pack_name]['use_common'] == false
  57. pack_data[:pack] = nil unless data['pack'][pack_name]['filename']
  58. if data['pack'][pack_name]['preload']
  59. pack_data[:preload] = [data['pack'][pack_name]['preload']] if data['pack'][pack_name]['preload'].is_a?(String)
  60. pack_data[:preload] = data['pack'][pack_name]['preload'] if data['pack'][pack_name]['preload'].is_a?(Array)
  61. end
  62. if skin != 'default' && data['skin'][skin]
  63. pack_data[:skin] = skin if data['skin'][skin].include?(pack_name)
  64. else # default skin
  65. pack_data[:skin] = 'default' if data['pack'][pack_name]['stylesheet']
  66. end
  67. end
  68. pack_data
  69. end
  70. def pack?(data, pack_name)
  71. if data['pack'].is_a?(Hash) && data['pack'].key?(pack_name)
  72. return true if data['pack'][pack_name].is_a?(String) || data['pack'][pack_name].is_a?(Hash)
  73. end
  74. false
  75. end
  76. def nil_pack(data, pack_name, skin = 'default')
  77. {
  78. common: pack_name == 'common' ? nil : resolve_pack(data['name'] ? Themes.instance.flavour(current_flavour) : Themes.instance.core, 'common', skin),
  79. flavour: data['name'],
  80. pack: nil,
  81. preload: nil,
  82. skin: nil,
  83. supported_locales: data['locales'],
  84. }
  85. end
  86. def resolve_pack(data, pack_name, skin = 'default')
  87. result = pack(data, pack_name, skin)
  88. unless result
  89. if data['name'] && data.key?('fallback')
  90. if data['fallback'].nil?
  91. return nil_pack(data, pack_name, skin)
  92. elsif data['fallback'].is_a?(String) && Themes.instance.flavour(data['fallback'])
  93. return resolve_pack(Themes.instance.flavour(data['fallback']), pack_name)
  94. elsif data['fallback'].is_a?(Array)
  95. data['fallback'].each do |fallback|
  96. return resolve_pack(Themes.instance.flavour(fallback), pack_name) if Themes.instance.flavour(fallback)
  97. end
  98. end
  99. return nil_pack(data, pack_name, skin)
  100. end
  101. return data.key?('name') && data['name'] != Setting.default_settings['flavour'] ? resolve_pack(Themes.instance.flavour(Setting.default_settings['flavour']), pack_name) : nil_pack(data, pack_name, skin)
  102. end
  103. result
  104. end
  105. def use_pack(pack_name)
  106. @core = resolve_pack(Themes.instance.core, pack_name)
  107. @theme = resolve_pack(Themes.instance.flavour(current_flavour), pack_name, current_skin)
  108. end
  109. protected
  110. def truthy_param?(key)
  111. ActiveModel::Type::Boolean.new.cast(params[key])
  112. end
  113. def forbidden
  114. respond_with_error(403)
  115. end
  116. def not_found
  117. respond_with_error(404)
  118. end
  119. def gone
  120. respond_with_error(410)
  121. end
  122. def unprocessable_entity
  123. respond_with_error(422)
  124. end
  125. def not_acceptable
  126. respond_with_error(406)
  127. end
  128. def single_user_mode?
  129. @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.exists?
  130. end
  131. def use_seamless_external_login?
  132. Devise.pam_authentication || Devise.ldap_authentication
  133. end
  134. def current_account
  135. @current_account ||= current_user.try(:account)
  136. end
  137. def current_session
  138. @current_session ||= SessionActivation.find_by(session_id: cookies.signed['_session_id'])
  139. end
  140. def current_flavour
  141. return Setting.flavour unless Themes.instance.flavours.include? current_user&.setting_flavour
  142. current_user.setting_flavour
  143. end
  144. def current_skin
  145. return Setting.skin unless Themes.instance.skins_for(current_flavour).include? current_user&.setting_skin
  146. current_user.setting_skin
  147. end
  148. def cache_collection(raw, klass)
  149. return raw unless klass.respond_to?(:with_includes)
  150. raw = raw.cache_ids.to_a if raw.is_a?(ActiveRecord::Relation)
  151. cached_keys_with_value = Rails.cache.read_multi(*raw).transform_keys(&:id)
  152. uncached_ids = raw.map(&:id) - cached_keys_with_value.keys
  153. klass.reload_stale_associations!(cached_keys_with_value.values) if klass.respond_to?(:reload_stale_associations!)
  154. unless uncached_ids.empty?
  155. uncached = klass.where(id: uncached_ids).with_includes.map { |item| [item.id, item] }.to_h
  156. uncached.each_value do |item|
  157. Rails.cache.write(item, item)
  158. end
  159. end
  160. raw.map { |item| cached_keys_with_value[item.id] || uncached[item.id] }.compact
  161. end
  162. def respond_with_error(code)
  163. respond_to do |format|
  164. format.any { head code }
  165. format.html do
  166. set_locale
  167. use_pack 'error'
  168. render "errors/#{code}", layout: 'error', status: code
  169. end
  170. end
  171. end
  172. def render_cached_json(cache_key, **options)
  173. options[:expires_in] ||= 3.minutes
  174. cache_public = options.key?(:public) ? options.delete(:public) : true
  175. content_type = options.delete(:content_type) || 'application/json'
  176. data = Rails.cache.fetch(cache_key, { raw: true }.merge(options)) do
  177. yield.to_json
  178. end
  179. expires_in options[:expires_in], public: cache_public
  180. render json: data, content_type: content_type
  181. end
  182. def set_cache_headers
  183. response.headers['Vary'] = 'Accept'
  184. end
  185. def skip_session!
  186. request.session_options[:skip] = true
  187. end
  188. end