diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb index 025ab960e..740c8589a 100644 --- a/app/controllers/api/activitypub/activities_controller.rb +++ b/app/controllers/api/activitypub/activities_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::ActivitiesController < ApiController +class Api::Activitypub::ActivitiesController < Api::BaseController include Authorization # before_action :set_follow, only: [:show_follow] diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb index ff9383413..783c1c4ed 100644 --- a/app/controllers/api/activitypub/notes_controller.rb +++ b/app/controllers/api/activitypub/notes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::NotesController < ApiController +class Api::Activitypub::NotesController < Api::BaseController include Authorization before_action :set_status diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb index 7b6cbdd38..0738d7dee 100644 --- a/app/controllers/api/activitypub/outbox_controller.rb +++ b/app/controllers/api/activitypub/outbox_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::OutboxController < ApiController +class Api::Activitypub::OutboxController < Api::BaseController before_action :set_account respond_to :activitystreams2 diff --git a/app/controllers/api_controller.rb b/app/controllers/api/base_controller.rb similarity index 98% rename from app/controllers/api_controller.rb rename to app/controllers/api/base_controller.rb index 42b85865e..c1b2ec3cf 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class ApiController < ApplicationController +class Api::BaseController < ApplicationController DEFAULT_STATUSES_LIMIT = 20 DEFAULT_ACCOUNTS_LIMIT = 40 diff --git a/app/controllers/api/oembed_controller.rb b/app/controllers/api/oembed_controller.rb index 576188353..6e3e34d96 100644 --- a/app/controllers/api/oembed_controller.rb +++ b/app/controllers/api/oembed_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::OEmbedController < ApiController +class Api::OEmbedController < Api::BaseController respond_to :json def show diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb index 75a1f757b..951867140 100644 --- a/app/controllers/api/push_controller.rb +++ b/app/controllers/api/push_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::PushController < ApiController +class Api::PushController < Api::BaseController def update response, status = process_push_request render plain: response, status: status diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb index f611b48a0..e9e700b18 100644 --- a/app/controllers/api/salmon_controller.rb +++ b/app/controllers/api/salmon_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SalmonController < ApiController +class Api::SalmonController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb index dd2f42aab..d3ea98676 100644 --- a/app/controllers/api/subscriptions_controller.rb +++ b/app/controllers/api/subscriptions_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SubscriptionsController < ApiController +class Api::SubscriptionsController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb index 8f2ded29e..1cf52ff10 100644 --- a/app/controllers/api/v1/accounts/credentials_controller.rb +++ b/app/controllers/api/v1/accounts/credentials_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::CredentialsController < ApiController +class Api::V1::Accounts::CredentialsController < Api::BaseController before_action -> { doorkeeper_authorize! :write }, only: [:update] before_action :require_user! diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 3e9da29e3..81aae56d3 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowerAccountsController < ApiController +class Api::V1::Accounts::FollowerAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 732961aac..63c6d54b2 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowingAccountsController < ApiController +class Api::V1::Accounts::FollowingAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index d1a4f178b..cb923ab91 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::RelationshipsController < ApiController +class Api::V1::Accounts::RelationshipsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb index 6d4c6e4cf..c4a8f97f2 100644 --- a/app/controllers/api/v1/accounts/search_controller.rb +++ b/app/controllers/api/v1/accounts/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::SearchController < ApiController +class Api::V1::Accounts::SearchController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 1e0d2a740..504ed8c07 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::StatusesController < ApiController +class Api::V1::Accounts::StatusesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 3b23e996d..8fc0dd36f 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AccountsController < ApiController +class Api::V1::AccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action :require_user!, except: [:show] diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb index 54f8d40b2..98e908948 100644 --- a/app/controllers/api/v1/apps_controller.rb +++ b/app/controllers/api/v1/apps_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AppsController < ApiController +class Api::V1::AppsController < Api::BaseController respond_to :json def create diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb index d15cb439c..1702953cf 100644 --- a/app/controllers/api/v1/blocks_controller.rb +++ b/app/controllers/api/v1/blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::BlocksController < ApiController +class Api::V1::BlocksController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/domain_blocks_controller.rb b/app/controllers/api/v1/domain_blocks_controller.rb index 772c04687..e93dc603b 100644 --- a/app/controllers/api/v1/domain_blocks_controller.rb +++ b/app/controllers/api/v1/domain_blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::DomainBlocksController < ApiController +class Api::V1::DomainBlocksController < Api::BaseController BLOCK_LIMIT = 100 before_action -> { doorkeeper_authorize! :follow } diff --git a/app/controllers/api/v1/favourites_controller.rb b/app/controllers/api/v1/favourites_controller.rb index a74db92af..fe0819a3f 100644 --- a/app/controllers/api/v1/favourites_controller.rb +++ b/app/controllers/api/v1/favourites_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FavouritesController < ApiController +class Api::V1::FavouritesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb index 8a8d40d77..eed22ef4f 100644 --- a/app/controllers/api/v1/follow_requests_controller.rb +++ b/app/controllers/api/v1/follow_requests_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowRequestsController < ApiController +class Api::V1::FollowRequestsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb index 67d823398..bcdb4e177 100644 --- a/app/controllers/api/v1/follows_controller.rb +++ b/app/controllers/api/v1/follows_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowsController < ApiController +class Api::V1::FollowsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! diff --git a/app/controllers/api/v1/instances_controller.rb b/app/controllers/api/v1/instances_controller.rb index 51d92838a..ce2181879 100644 --- a/app/controllers/api/v1/instances_controller.rb +++ b/app/controllers/api/v1/instances_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::InstancesController < ApiController +class Api::V1::InstancesController < Api::BaseController respond_to :json def show; end diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb index 3d7dcef42..25a331319 100644 --- a/app/controllers/api/v1/media_controller.rb +++ b/app/controllers/api/v1/media_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MediaController < ApiController +class Api::V1::MediaController < Api::BaseController before_action -> { doorkeeper_authorize! :write } before_action :require_user! diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb index b9ac74176..2a353df03 100644 --- a/app/controllers/api/v1/mutes_controller.rb +++ b/app/controllers/api/v1/mutes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MutesController < ApiController +class Api::V1::MutesController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index 1cd4ca40a..20b28776d 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::NotificationsController < ApiController +class Api::V1::NotificationsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb index e0f9ed232..71df76e92 100644 --- a/app/controllers/api/v1/reports_controller.rb +++ b/app/controllers/api/v1/reports_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::ReportsController < ApiController +class Api::V1::ReportsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:create] before_action -> { doorkeeper_authorize! :write }, only: [:create] before_action :require_user! diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb index 1ee2589a0..8b832148c 100644 --- a/app/controllers/api/v1/search_controller.rb +++ b/app/controllers/api/v1/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::SearchController < ApiController +class Api::V1::SearchController < Api::BaseController RESULTS_LIMIT = 5 respond_to :json diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 7386d7158..53fb1619e 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StatusesController < ApiController +class Api::V1::StatusesController < Api::BaseController include Authorization before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute] diff --git a/app/controllers/api/v1/streaming_controller.rb b/app/controllers/api/v1/streaming_controller.rb index 377951472..66b812e76 100644 --- a/app/controllers/api/v1/streaming_controller.rb +++ b/app/controllers/api/v1/streaming_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StreamingController < ApiController +class Api::V1::StreamingController < Api::BaseController respond_to :json def index diff --git a/app/controllers/api/v1/timelines/home_controller.rb b/app/controllers/api/v1/timelines/home_controller.rb index 29e570fa5..511d2f65d 100644 --- a/app/controllers/api/v1/timelines/home_controller.rb +++ b/app/controllers/api/v1/timelines/home_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::HomeController < ApiController +class Api::V1::Timelines::HomeController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, only: [:show] before_action :require_user!, only: [:show] after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb index cd3663d5f..305451cc7 100644 --- a/app/controllers/api/v1/timelines/public_controller.rb +++ b/app/controllers/api/v1/timelines/public_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::PublicController < ApiController +class Api::V1::Timelines::PublicController < Api::BaseController after_action :insert_pagination_headers, unless: -> { @statuses.empty? } respond_to :json diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb index 0481f5deb..50afca7c7 100644 --- a/app/controllers/api/v1/timelines/tag_controller.rb +++ b/app/controllers/api/v1/timelines/tag_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::TagController < ApiController +class Api::V1::Timelines::TagController < Api::BaseController before_action :load_tag after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb index 7cceb0dfc..f6739d506 100644 --- a/app/controllers/api/web/settings_controller.rb +++ b/app/controllers/api/web/settings_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Web::SettingsController < ApiController +class Api::Web::SettingsController < Api::BaseController respond_to :json before_action :require_user! diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb new file mode 100644 index 000000000..7d5e0116c --- /dev/null +++ b/spec/controllers/api/base_controller_spec.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +require 'rails_helper' + +class FakeService; end + +describe Api::BaseController do + controller do + def success + head 200 + end + + def error + FakeService.new + end + end + + describe 'Forgery protection' do + before do + routes.draw { post 'success' => 'api/base#success' } + end + + it 'does not protect from forgery' do + ActionController::Base.allow_forgery_protection = true + post 'success' + expect(response).to have_http_status(:success) + end + end + + describe 'Error handling' do + ERRORS_WITH_CODES = { + ActiveRecord::RecordInvalid => 422, + Mastodon::ValidationError => 422, + ActiveRecord::RecordNotFound => 404, + Goldfinger::Error => 422, + HTTP::Error => 503, + OpenSSL::SSL::SSLError => 503, + Mastodon::NotPermittedError => 403, + } + + before do + routes.draw { get 'error' => 'api/base#error' } + end + + ERRORS_WITH_CODES.each do |error, code| + it "Handles error class of #{error}" do + expect(FakeService).to receive(:new).and_raise(error) + + get 'error' + expect(response).to have_http_status(code) + end + end + end +end diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb deleted file mode 100644 index 44be4276a..000000000 --- a/spec/controllers/api_controller_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -describe ApiController, type: :controller do - controller do - def success - head 200 - end - end - - before do - routes.draw { post 'success' => 'api#success' } - end - - it 'does not protect from forgery' do - ActionController::Base.allow_forgery_protection = true - post 'success' - expect(response).to have_http_status(:success) - end -end