11 files changed, 309 insertions, 63 deletions

diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex
index 8f1399ce6..a05e03263 100644
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@@ -88,7 +88,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
       true
     else
       inbox_info = URI.parse(inbox)
-      !Enum.member?(Pleroma.Config.get([:instance, :quarantined_instances], []), inbox_info.host)
+      !Enum.member?(Config.get([:instance, :quarantined_instances], []), inbox_info.host)
     end
   end
 
diff --git a/lib/pleroma/web/admin_api/admin_api_controller.ex b/lib/pleroma/web/admin_api/admin_api_controller.ex
index de2a13c01..03dfdca82 100644
--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -10,6 +10,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Relay
   alias Pleroma.Web.AdminAPI.AccountView
+  alias Pleroma.Web.AdminAPI.Config
+  alias Pleroma.Web.AdminAPI.ConfigView
   alias Pleroma.Web.AdminAPI.ReportView
   alias Pleroma.Web.AdminAPI.Search
   alias Pleroma.Web.CommonAPI
@@ -362,6 +364,41 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     end
   end
 
+  def config_show(conn, _params) do
+    configs = Pleroma.Repo.all(Config)
+
+    conn
+    |> put_view(ConfigView)
+    |> render("index.json", %{configs: configs})
+  end
+
+  def config_update(conn, %{"configs" => configs}) do
+    updated =
+      if Pleroma.Config.get([:instance, :dynamic_configuration]) do
+        updated =
+          Enum.map(configs, fn
+            %{"key" => key, "value" => value} ->
+              {:ok, config} = Config.update_or_create(%{key: key, value: value})
+              config
+
+            %{"key" => key, "delete" => "true"} ->
+              {:ok, _} = Config.delete(key)
+              nil
+          end)
+          |> Enum.reject(&is_nil(&1))
+
+        Pleroma.Config.TransferTask.load_and_update_env()
+        Mix.Tasks.Pleroma.Config.run(["migrate_from_db", Pleroma.Config.get(:env)])
+        updated
+      else
+        []
+      end
+
+    conn
+    |> put_view(ConfigView)
+    |> render("index.json", %{configs: updated})
+  end
+
   def errors(conn, {:error, :not_found}) do
     conn
     |> put_status(404)
diff --git a/lib/pleroma/web/admin_api/config.ex b/lib/pleroma/web/admin_api/config.ex
new file mode 100644
index 000000000..b7072f050
--- /dev/null
+++ b/lib/pleroma/web/admin_api/config.ex
@@ -0,0 +1,144 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.Config do
+  use Ecto.Schema
+  import Ecto.Changeset
+  alias __MODULE__
+  alias Pleroma.Repo
+
+  @type t :: %__MODULE__{}
+
+  schema "config" do
+    field(:key, :string)
+    field(:value, :binary)
+
+    timestamps()
+  end
+
+  @spec get_by_key(String.t()) :: Config.t() | nil
+  def get_by_key(key), do: Repo.get_by(Config, key: key)
+
+  @spec changeset(Config.t(), map()) :: Changeset.t()
+  def changeset(config, params \\ %{}) do
+    config
+    |> cast(params, [:key, :value])
+    |> validate_required([:key, :value])
+    |> unique_constraint(:key)
+  end
+
+  @spec create(map()) :: {:ok, Config.t()} | {:error, Changeset.t()}
+  def create(%{key: key, value: value}) do
+    %Config{}
+    |> changeset(%{key: key, value: transform(value)})
+    |> Repo.insert()
+  end
+
+  @spec update(Config.t(), map()) :: {:ok, Config} | {:error, Changeset.t()}
+  def update(%Config{} = config, %{value: value}) do
+    config
+    |> change(value: transform(value))
+    |> Repo.update()
+  end
+
+  @spec update_or_create(map()) :: {:ok, Config.t()} | {:error, Changeset.t()}
+  def update_or_create(%{key: key} = params) do
+    with %Config{} = config <- Config.get_by_key(key) do
+      Config.update(config, params)
+    else
+      nil -> Config.create(params)
+    end
+  end
+
+  @spec delete(String.t()) :: {:ok, Config.t()} | {:error, Changeset.t()}
+  def delete(key) do
+    with %Config{} = config <- Config.get_by_key(key) do
+      Repo.delete(config)
+    else
+      nil -> {:error, "Config with key #{key} not found"}
+    end
+  end
+
+  @spec from_binary(binary()) :: term()
+  def from_binary(value), do: :erlang.binary_to_term(value)
+
+  @spec from_binary_to_map(binary()) :: any()
+  def from_binary_to_map(binary) do
+    from_binary(binary)
+    |> do_convert()
+  end
+
+  defp do_convert([{k, v}] = value) when is_list(value) and length(value) == 1,
+    do: %{k => do_convert(v)}
+
+  defp do_convert(values) when is_list(values), do: for(val <- values, do: do_convert(val))
+
+  defp do_convert({k, v} = value) when is_tuple(value),
+    do: %{k => do_convert(v)}
+
+  defp do_convert(value) when is_binary(value) or is_atom(value) or is_map(value),
+    do: value
+
+  @spec transform(any()) :: binary()
+  def transform(entity) when is_map(entity) do
+    tuples =
+      for {k, v} <- entity,
+          into: [],
+          do: {if(is_atom(k), do: k, else: String.to_atom(k)), do_transform(v)}
+
+    Enum.reject(tuples, fn {_k, v} -> is_nil(v) end)
+    |> Enum.sort()
+    |> :erlang.term_to_binary()
+  end
+
+  def transform(entity) when is_list(entity) do
+    list = Enum.map(entity, &do_transform(&1))
+    :erlang.term_to_binary(list)
+  end
+
+  def transform(entity), do: :erlang.term_to_binary(entity)
+
+  defp do_transform(%Regex{} = value) when is_map(value), do: value
+
+  defp do_transform(value) when is_map(value) do
+    values =
+      for {key, val} <- value,
+          into: [],
+          do: {String.to_atom(key), do_transform(val)}
+
+    Enum.sort(values)
+  end
+
+  defp do_transform(value) when is_list(value) do
+    Enum.map(value, &do_transform(&1))
+  end
+
+  defp do_transform(entity) when is_list(entity) and length(entity) == 1, do: hd(entity)
+
+  defp do_transform(value) when is_binary(value) do
+    value = String.trim(value)
+
+    case String.length(value) do
+      0 ->
+        nil
+
+      _ ->
+        cond do
+          String.starts_with?(value, "Pleroma") ->
+            String.to_existing_atom("Elixir." <> value)
+
+          String.starts_with?(value, ":") ->
+            String.replace(value, ":", "") |> String.to_existing_atom()
+
+          String.starts_with?(value, "i:") ->
+            String.replace(value, "i:", "") |> String.to_integer()
+
+          true ->
+            value
+        end
+    end
+  end
+
+  defp do_transform(value), do: value
+end
diff --git a/lib/pleroma/web/admin_api/views/config_view.ex b/lib/pleroma/web/admin_api/views/config_view.ex
new file mode 100644
index 000000000..c8560033e
--- /dev/null
+++ b/lib/pleroma/web/admin_api/views/config_view.ex
@@ -0,0 +1,16 @@
+defmodule Pleroma.Web.AdminAPI.ConfigView do
+  use Pleroma.Web, :view
+
+  def render("index.json", %{configs: configs}) do
+    %{
+      configs: render_many(configs, __MODULE__, "show.json", as: :config)
+    }
+  end
+
+  def render("show.json", %{config: config}) do
+    %{
+      key: config.key,
+      value: Pleroma.Web.AdminAPI.Config.from_binary_to_map(config.value)
+    }
+  end
+end
diff --git a/lib/pleroma/web/controller_helper.ex b/lib/pleroma/web/controller_helper.ex
index 55706eeb8..8a753bb4f 100644
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@@ -15,4 +15,22 @@ defmodule Pleroma.Web.ControllerHelper do
     |> put_status(status)
     |> json(json)
   end
+
+  @spec fetch_integer_param(map(), String.t(), integer() | nil) :: integer() | nil
+  def fetch_integer_param(params, name, default \\ nil) do
+    params
+    |> Map.get(name, default)
+    |> param_to_integer(default)
+  end
+
+  defp param_to_integer(val, _) when is_integer(val), do: val
+
+  defp param_to_integer(val, default) when is_binary(val) do
+    case Integer.parse(val) do
+      {res, _} -> res
+      _ -> default
+    end
+  end
+
+  defp param_to_integer(_, default), do: default
 end
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index bd76e4295..ddaf88f1d 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -91,7 +91,7 @@ defmodule Pleroma.Web.Endpoint do
     Plug.Session,
     store: :cookie,
     key: cookie_name,
-    signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
+    signing_salt: Pleroma.Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
     http_only: true,
     secure: secure_cookies,
     extra: extra
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 891f9d814..684b03066 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -1126,58 +1126,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
     end
   end
 
-  def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
-    accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
-    statuses = Activity.search(user, query)
-    tags_path = Web.base_url() <> "/tag/"
-
-    tags =
-      query
-      |> String.split()
-      |> Enum.uniq()
-      |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
-      |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
-      |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end)
-
-    res = %{
-      "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
-      "statuses" =>
-        StatusView.render("index.json", activities: statuses, for: user, as: :activity),
-      "hashtags" => tags
-    }
-
-    json(conn, res)
-  end
-
-  def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
-    accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
-    statuses = Activity.search(user, query)
-
-    tags =
-      query
-      |> String.split()
-      |> Enum.uniq()
-      |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
-      |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
-
-    res = %{
-      "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
-      "statuses" =>
-        StatusView.render("index.json", activities: statuses, for: user, as: :activity),
-      "hashtags" => tags
-    }
-
-    json(conn, res)
-  end
-
-  def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
-    accounts = User.search(query, resolve: params["resolve"] == "true", for_user: user)
-
-    res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
-
-    json(conn, res)
-  end
-
   def favourites(%{assigns: %{user: user}} = conn, params) do
     params =
       params
diff --git a/lib/pleroma/web/mastodon_api/search_controller.ex b/lib/pleroma/web/mastodon_api/search_controller.ex
new file mode 100644
index 000000000..0d1e2355d
--- /dev/null
+++ b/lib/pleroma/web/mastodon_api/search_controller.ex
@@ -0,0 +1,79 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.SearchController do
+  use Pleroma.Web, :controller
+  alias Pleroma.Activity
+  alias Pleroma.User
+  alias Pleroma.Web
+  alias Pleroma.Web.MastodonAPI.AccountView
+  alias Pleroma.Web.MastodonAPI.StatusView
+
+  alias Pleroma.Web.ControllerHelper
+
+  require Logger
+
+  plug(Pleroma.Plugs.RateLimiter, :search when action in [:search, :search2, :account_search])
+
+  def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+    accounts = User.search(query, search_options(params, user))
+    statuses = Activity.search(user, query)
+    tags_path = Web.base_url() <> "/tag/"
+
+    tags =
+      query
+      |> String.split()
+      |> Enum.uniq()
+      |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+      |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+      |> Enum.map(fn tag -> %{name: tag, url: tags_path <> tag} end)
+
+    res = %{
+      "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+      "statuses" =>
+        StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+      "hashtags" => tags
+    }
+
+    json(conn, res)
+  end
+
+  def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+    accounts = User.search(query, search_options(params, user))
+    statuses = Activity.search(user, query)
+
+    tags =
+      query
+      |> String.split()
+      |> Enum.uniq()
+      |> Enum.filter(fn tag -> String.starts_with?(tag, "#") end)
+      |> Enum.map(fn tag -> String.slice(tag, 1..-1) end)
+
+    res = %{
+      "accounts" => AccountView.render("accounts.json", users: accounts, for: user, as: :user),
+      "statuses" =>
+        StatusView.render("index.json", activities: statuses, for: user, as: :activity),
+      "hashtags" => tags
+    }
+
+    json(conn, res)
+  end
+
+  def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
+    accounts = User.search(query, search_options(params, user))
+    res = AccountView.render("accounts.json", users: accounts, for: user, as: :user)
+
+    json(conn, res)
+  end
+
+  defp search_options(params, user) do
+    [
+      resolve: params["resolve"] == "true",
+      following: params["following"] == "true",
+      limit: ControllerHelper.fetch_integer_param(params, "limit"),
+      offset: ControllerHelper.fetch_integer_param(params, "offset"),
+      for_user: user
+    ]
+  end
+end
diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex
index f412f7eb2..90c304487 100644
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@@ -14,7 +14,6 @@ defmodule Pleroma.Web.OAuth.Token do
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.OAuth.Token.Query
 
-  @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
   @type t :: %__MODULE__{}
 
   schema "oauth_tokens" do
@@ -78,7 +77,7 @@ defmodule Pleroma.Web.OAuth.Token do
 
   defp put_valid_until(changeset, attrs) do
     expires_in =
-      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), @expires_in))
+      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
 
     changeset
     |> change(%{valid_until: expires_in})
@@ -123,4 +122,6 @@ defmodule Pleroma.Web.OAuth.Token do
   end
 
   def is_expired?(_), do: false
+
+  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/lib/pleroma/web/oauth/token/response.ex b/lib/pleroma/web/oauth/token/response.ex
index 64e78b183..2648571ad 100644
--- a/lib/pleroma/web/oauth/token/response.ex
+++ b/lib/pleroma/web/oauth/token/response.ex
@@ -4,15 +4,13 @@ defmodule Pleroma.Web.OAuth.Token.Response do
   alias Pleroma.User
   alias Pleroma.Web.OAuth.Token.Utils
 
-  @expires_in Pleroma.Config.get([:oauth2, :token_expires_in], 600)
-
   @doc false
   def build(%User{} = user, token, opts \\ %{}) do
     %{
       token_type: "Bearer",
       access_token: token.token,
       refresh_token: token.refresh_token,
-      expires_in: @expires_in,
+      expires_in: expires_in(),
       scope: Enum.join(token.scopes, " "),
       me: user.ap_id
     }
@@ -25,8 +23,10 @@ defmodule Pleroma.Web.OAuth.Token.Response do
       access_token: token.token,
       refresh_token: token.refresh_token,
       created_at: Utils.format_created_at(token),
-      expires_in: @expires_in,
+      expires_in: expires_in(),
       scope: Enum.join(token.scopes, " ")
     }
   end
+
+  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 1b37d6a93..0e3f73226 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -202,6 +202,9 @@ defmodule Pleroma.Web.Router do
 
     put("/statuses/:id", AdminAPIController, :status_update)
     delete("/statuses/:id", AdminAPIController, :status_delete)
+
+    get("/config", AdminAPIController, :config_show)
+    post("/config", AdminAPIController, :config_update)
   end
 
   scope "/", Pleroma.Web.TwitterAPI do
@@ -412,7 +415,7 @@ defmodule Pleroma.Web.Router do
 
     get("/trends", MastodonAPIController, :empty_array)
 
-    get("/accounts/search", MastodonAPIController, :account_search)
+    get("/accounts/search", SearchController, :account_search)
 
     scope [] do
       pipe_through(:oauth_read_or_public)
@@ -431,7 +434,7 @@ defmodule Pleroma.Web.Router do
       get("/accounts/:id/following", MastodonAPIController, :following)
       get("/accounts/:id", MastodonAPIController, :user)
 
-      get("/search", MastodonAPIController, :search)
+      get("/search", SearchController, :search)
 
       get("/pleroma/accounts/:id/favourites", MastodonAPIController, :user_favourites)
     end
@@ -439,7 +442,7 @@ defmodule Pleroma.Web.Router do
 
   scope "/api/v2", Pleroma.Web.MastodonAPI do
     pipe_through([:api, :oauth_read_or_public])
-    get("/search", MastodonAPIController, :search2)
+    get("/search", SearchController, :search2)
   end
 
   scope "/api", Pleroma.Web do