closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8800 Commits
4 Branches
567 MiB
Tree: 988b0493fe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '988b0493fe'
${ noResults }
mastodon/app/controllers/api/v1/statuses_controller.rb

100 lines
3.7 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Clean up for api/base controller (#3629) * Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
5 years ago
Remove deprecated REST API `GET /api/v1/statuses/:id/card` (#11213)
4 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Unuse ActiveRecord::Base#cache_key (#8185) * Unuse ActiveRecord::Base#cache_key * Enable cache_versioning * Call cache_collection
5 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
Remove small pagination limit from context API (#7564) Fix #7557
6 years ago
Removing failed push notification API, make context loads use cache
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Moving some counter queries out of subqueries in the API
7 years ago
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090)
6 years ago
Setting up preliminary "detailed" routes in the UI, new API end-point for fetching status context
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Add specific rate limits for posting and following (#13172)
4 years ago
Fix #2402 - Add Idempotency-Key header to PostStatusService that prevents (#2419) duplicates. Web UI regenerates UUID for that header every time the compose form is changed or successfully submitted Also, fix Farsi i18n overwriting the English one
7 years ago
Add scheduled statuses (#9706) Fix #340
5 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add soft delete for statuses for instant deletes through API (#11623) * Add soft delete for statuses to allow them to appear instant * Allow reporting soft-deleted statuses and show them in the admin UI * Change index for getting an account's statuses
4 years ago
Fix remote and staff-removed statuses leaving media behind for a day (#11638) The reason for unattaching media instead of removing it is to support delete & redraft functionality, but remote or staff-removed statuses will never be redrafted, so the media should be deleted immediately
4 years ago
Add status destroy authorization to policy (#3453) * Add status destroy authorization to policy * Create explicit unreblog status authorization
7 years ago
Add toot source to delete result to ease Delete & Redraft (#10669) * Return Status with raw text in raw_content when deleting a status * Use raw content if available on delete & redraft * Rename raw_content to text; do not serialize formatted content when source is requested
5 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
7 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Extract authorization policy for viewing statuses (#3150)
7 years ago
Add more tests for ActivityPub controllers (#13585)
4 years ago
Fix reblogged/favourited caching; add API endpoints for who favd/reblogged status
7 years ago
Fix ActionController::Parameters in API issue
7 years ago
Fix 404 and 410 API errors being silently discarded in WebUI (#13279) * Fix 404 and 410 API errors being silently discarded in WebUI Fixes #13278 * Return more appropriate error when user replies to a deleted toot * Please CodeClimate * Fix 404/410 errors on fetching account timelines & identity proofs * Refactor error handling * Move error message string to statuses.errors
4 years ago
Fix ActionController::Parameters in API issue
7 years ago
Add polls (#10111) * Add polls Fix #1629 * Add tests * Fixes * Change API for creating polls * Use name instead of content for votes * Remove poll validation for remote polls * Add polls to public pages * When updating the poll, update options just in case they were changed * Fix public pages showing both poll and other media
5 years ago
Fix ActionController::Parameters in API issue
7 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Fix unpermitted parameters warning when generating pagination URLs (#6995)
6 years ago
Make public timelines API not require user context/app credentials (#1291) * Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public Fix #1156 - respect query params when generating pagination links in API * Apply pagination fix to more APIs
7 years ago
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Api::V1::StatusesController < Api::BaseController
  4.   include Authorization
  5. 

  6.   before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :destroy]
  7.   before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :destroy]
  8.   before_action :require_user!, except:  [:show, :context]
  9.   before_action :set_status, only:       [:show, :context]
  10.   before_action :set_thread, only:       [:create]
  11. 

  12.   override_rate_limit_headers :create, family: :statuses
  13. 

  14.   # This API was originally unlimited, pagination cannot be introduced without
  15.   # breaking backwards-compatibility. Arbitrarily high number to cover most
  16.   # conversations as quasi-unlimited, it would be too much work to render more
  17.   # than this anyway
  18.   CONTEXT_LIMIT = 4_096

  19. 

  20.   def show
  21.     @status = cache_collection([@status], Status).first
  22.     render json: @status, serializer: REST::StatusSerializer
  23.   end
  24. 

  25.   def context
  26.     ancestors_results   = @status.in_reply_to_id.nil? ? [] : @status.ancestors(CONTEXT_LIMIT, current_account)
  27.     descendants_results = @status.descendants(CONTEXT_LIMIT, current_account)
  28.     loaded_ancestors    = cache_collection(ancestors_results, Status)
  29.     loaded_descendants  = cache_collection(descendants_results, Status)
  30. 

  31.     @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
  32.     statuses = [@status] + @context.ancestors + @context.descendants
  33. 

  34.     render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
  35.   end
  36. 

  37.   def create
  38.     @status = PostStatusService.new.call(current_user.account,
  39.                                          text: status_params[:status],
  40.                                          thread: @thread,
  41.                                          media_ids: status_params[:media_ids],
  42.                                          sensitive: status_params[:sensitive],
  43.                                          spoiler_text: status_params[:spoiler_text],
  44.                                          visibility: status_params[:visibility],
  45.                                          scheduled_at: status_params[:scheduled_at],
  46.                                          application: doorkeeper_token.application,
  47.                                          poll: status_params[:poll],
  48.                                          idempotency: request.headers['Idempotency-Key'],
  49.                                          with_rate_limit: true)
  50. 

  51.     render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  52.   end
  53. 

  54.   def destroy
  55.     @status = Status.where(account_id: current_user.account).find(params[:id])
  56.     authorize @status, :destroy?
  57. 

  58.     @status.discard
  59.     RemovalWorker.perform_async(@status.id, redraft: true)
  60. 

  61.     render json: @status, serializer: REST::StatusSerializer, source_requested: true
  62.   end
  63. 

  64.   private
  65. 

  66.   def set_status
  67.     @status = Status.find(params[:id])
  68.     authorize @status, :show?
  69.   rescue Mastodon::NotPermittedError
  70.     not_found
  71.   end
  72. 

  73.   def set_thread
  74.     @thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
  75.   rescue ActiveRecord::RecordNotFound
  76.     render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404

  77.   end
  78. 

  79.   def status_params
  80.     params.permit(
  81.       :status,
  82.       :in_reply_to_id,
  83.       :sensitive,
  84.       :spoiler_text,
  85.       :visibility,
  86.       :scheduled_at,
  87.       media_ids: [],
  88.       poll: [
  89.         :multiple,
  90.         :hide_totals,
  91.         :expires_in,
  92.         options: [],
  93.       ]
  94.     )
  95.   end
  96. 

  97.   def pagination_params(core_params)
  98.     params.slice(:limit).permit(:limit).merge(core_params)
  99.   end
  100. end