author | lain <lain@soykaf.club> | 2020-04-29 11:09:30 +0000 |
---|---|---|
committer | lain <lain@soykaf.club> | 2020-04-29 11:09:30 +0000 |
commit | 58fded9858edbeb318dc011cb313e82a86fbafcb (patch) | |
tree | 90539822a02e9ff1de91969ad179da907c031b4d /lib/pleroma/web/mastodon_api/controllers/account_controller.ex | |
parent | 699fc9569fa06278baaec6804348375cb9891185 (diff) | |
parent | 4c0e53367acd74de04de070a5e33380f5e457163 (diff) | |
Merge branch 'automatic-authentication-and-instance-publicity-checks' into 'develop'
Automatic checks of authentication / authorization / instance publicity
See merge request pleroma/pleroma!2409
Diffstat (limited to 'lib/pleroma/web/mastodon_api/controllers/account_controller.ex')
-rw-r--r-- | lib/pleroma/web/mastodon_api/controllers/account_controller.ex | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index 37adeec5f..1eedf02d6 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -14,6 +14,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
 skip_relationships?: 1
 ]
+ alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
 alias Pleroma.Plugs.OAuthScopesPlug
 alias Pleroma.Plugs.RateLimiter
 alias Pleroma.User
@@ -28,18 +29,26 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
 plug(OpenApiSpex.Plug.CastAndValidate, render_error: Pleroma.Web.ApiSpec.RenderError)
- plug(:skip_plug, OAuthScopesPlug when action == :identity_proofs)
+ plug(:skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :create)
+
+ plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:show, :statuses])
 plug(
 OAuthScopesPlug,
 %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
- when action == :show
+ when action in [:show, :followers, :following]
+ )
+
+ plug(
+ OAuthScopesPlug,
+ %{fallback: :proceed_unauthenticated, scopes: ["read:statuses"]}
+ when action == :statuses
 )
 plug(
 OAuthScopesPlug,
 %{scopes: ["read:accounts"]}
- when action in [:endorsements, :verify_credentials, :followers, :following]
+ when action in [:verify_credentials, :endorsements, :identity_proofs]
 )
 plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :update_credentials)
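Review bot: `:followers` and `:following` move from the strict `read:accounts` plug to the one with `fallback: :proceed_unauthenticated`, so a request with no token (and presumably one whose token lacks the scope) now reaches those actions instead of being stopped by OAuthScopesPlug. Neither action is in the `:skip_plug` lists, so the publicity check should still cover non-public instances, but on a public instance the only remaining gate is what the action bodies do when no user is assigned, and those bodies are outside this hunk. I would confirm that both still respect any per-account setting that hides follower or following lists from anonymous callers, cover that with a controller test, and record the intent above the plug, e.g. `# followers/following may be read without a token; visibility is enforced in the actions`.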
@@ -58,21 +67,15 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships) - # Note: :follows (POST /api/v1/follows) is the same as :follow, consider removing :follows plug( OAuthScopesPlug, - %{scopes: ["follow", "write:follows"]} when action in [:follows, :follow, :unfollow] + %{scopes: ["follow", "write:follows"]} when action in [:follow_by_uri, :follow, :unfollow] ) plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes) plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute]) - plug( - Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug - when action not in [:create, :show, :statuses] - ) - @relationship_actions [:follow, :unfollow] @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a @@ -378,7 +381,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do end @doc "POST /api/v1/follows" - def follows(%{body_params: %{uri: uri}} = conn, _) do + def follow_by_uri(%{body_params: %{uri: uri}} = conn, _) do case User.get_cached_by_nickname(uri) do %User{} = user -> conn |
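Review bot: With the explicit `EnsurePublicOrAuthenticatedPlug` plug deleted at the end of this hunk, nothing in this controller shows that the instance-publicity check still runs; it now depends on a default applied outside this file, which the merge title suggests but this file-limited diff does not show. Because the check is now opt-out through `:skip_plug`, a comment next to those calls would help the next reader, for example `# EnsurePublicOrAuthenticatedPlug runs by default for every action; skip it only where the action enforces visibility itself`. A controller test that requests a non-skipped action such as `:followers` without a token on an instance configured as non-public would catch a regression if that default ever stops being wired in.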