1 files changed, 91 insertions, 2 deletions

diff --git a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
index df14ad66f..9ef7fd48d 100644
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@@ -9,6 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
     only: [add_link_headers: 2, truthy_param?: 1, assign_account_by_id: 2, json_response: 3]
 
   alias Pleroma.Emoji
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -19,6 +20,49 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.TwitterAPI.TwitterAPI
 
+  plug(
+    OAuthScopesPlug,
+    %{fallback: :proceed_unauthenticated, scopes: ["read:accounts"]}
+    when action == :show
+  )
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:accounts"]}
+    when action in [:endorsements, :verify_credentials, :followers, :following]
+  )
+
+  plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :update_credentials)
+
+  plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["follow", "read:blocks"]} when action == :blocks
+  )
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
+  )
+
+  plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
+
+  # Note: :follows (POST /api/v1/follows) is the same as :follow, consider removing :follows
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["follow", "write:follows"]} when action in [:follows, :follow, :unfollow]
+  )
+
+  plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
+
+  plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
+
+  plug(
+    Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
+    when action != :create
+  )
+
   @relations [:follow, :unfollow]
   @needs_account ~W(followers following lists follow unfollow mute unmute block unblock)a
 
@@ -105,6 +149,17 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       |> Enum.concat(Emoji.Formatter.get_emoji_map(emojis_text))
       |> Enum.dedup()
 
+    params =
+      if Map.has_key?(params, "fields_attributes") do
+        Map.update!(params, "fields_attributes", fn fields ->
+          fields
+          |> normalize_fields_attributes()
+          |> Enum.filter(fn %{"name" => n} -> n != "" end)
+        end)
+      else
+        params
+      end
+
     info_params =
       [
         :no_rich_text,
@@ -122,12 +177,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
         add_if_present(acc, params, to_string(key), key, &{:ok, truthy_param?(&1)})
       end)
       |> add_if_present(params, "default_scope", :default_scope)
-      |> add_if_present(params, "fields", :fields, fn fields ->
+      |> add_if_present(params, "fields_attributes", :fields, fn fields ->
         fields = Enum.map(fields, fn f -> Map.update!(f, "value", &AutoLinker.link(&1)) end)
 
         {:ok, fields}
       end)
-      |> add_if_present(params, "fields", :raw_fields)
+      |> add_if_present(params, "fields_attributes", :raw_fields)
       |> add_if_present(params, "pleroma_settings_store", :pleroma_settings_store, fn value ->
         {:ok, Map.merge(user.info.pleroma_settings_store, value)}
       end)
@@ -168,6 +223,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
     end
   end
 
+  defp normalize_fields_attributes(fields) do
+    if Enum.all?(fields, &is_tuple/1) do
+      Enum.map(fields, fn {_, v} -> v end)
+    else
+      fields
+    end
+  end
+
   @doc "GET /api/v1/accounts/relationships"
   def relationships(%{assigns: %{user: user}} = conn, %{"id" => id}) do
     targets = User.get_all_by_ids(List.wrap(id))
@@ -301,4 +364,30 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
       {:error, message} -> json_response(conn, :forbidden, %{error: message})
     end
   end
+
+  @doc "POST /api/v1/follows"
+  def follows(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do
+    with {_, %User{} = followed} <- {:followed, User.get_cached_by_nickname(uri)},
+         {_, true} <- {:followed, follower.id != followed.id},
+         {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do
+      render(conn, "show.json", user: followed, for: follower)
+    else
+      {:followed, _} -> {:error, :not_found}
+      {:error, message} -> json_response(conn, :forbidden, %{error: message})
+    end
+  end
+
+  @doc "GET /api/v1/mutes"
+  def mutes(%{assigns: %{user: user}} = conn, _) do
+    render(conn, "index.json", users: User.muted_users(user), for: user, as: :user)
+  end
+
+  @doc "GET /api/v1/blocks"
+  def blocks(%{assigns: %{user: user}} = conn, _) do
+    render(conn, "index.json", users: User.blocked_users(user), for: user, as: :user)
+  end
+
+  @doc "GET /api/v1/endorsements"
+  def endorsements(conn, params),
+    do: Pleroma.Web.MastodonAPI.MastodonAPIController.empty_array(conn, params)
 end