diff options
Diffstat (limited to 'lib/pleroma/web')
| -rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 35 | ||||
| -rw-r--r-- | lib/pleroma/web/activity_pub/utils.ex | 41 | ||||
| -rw-r--r-- | lib/pleroma/web/channels/user_socket.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/common_api/common_api.ex | 17 | ||||
| -rw-r--r-- | lib/pleroma/web/common_api/utils.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/controller_helper.ex | 5 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 60 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/websocket_handler.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/oauth_controller.ex | 39 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/token.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 16 | ||||
| -rw-r--r-- | lib/pleroma/web/streamer.ex | 3 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/controllers/util_controller.ex | 57 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api.ex | 11 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 10 |
15 files changed, 199 insertions, 105 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 6e1ed7ec9..f217e7bac 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -113,15 +113,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do def decrease_replies_count_if_reply(_object), do: :noop - def insert(map, local \\ true) when is_map(map) do + def insert(map, local \\ true, fake \\ false) when is_map(map) do with nil <- Activity.normalize(map), - map <- lazy_put_activity_defaults(map), + map <- lazy_put_activity_defaults(map, fake), :ok <- check_actor_is_active(map["actor"]), {_, true} <- {:remote_limit_error, check_remote_limit(map)}, {:ok, map} <- MRF.filter(map), + {recipients, _, _} = get_recipients(map), + {:fake, false, map, recipients} <- {:fake, fake, map, recipients}, {:ok, object} <- insert_full_object(map) do - {recipients, _, _} = get_recipients(map) - {:ok, activity} = Repo.insert(%Activity{ data: map, @@ -146,8 +146,23 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do stream_out(activity) {:ok, activity} else - %Activity{} = activity -> {:ok, activity} - error -> {:error, error} + %Activity{} = activity -> + {:ok, activity} + + {:fake, true, map, recipients} -> + activity = %Activity{ + data: map, + local: local, + actor: map["actor"], + recipients: recipients, + id: "pleroma:fakeid" + } + + Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) + {:ok, activity} + + error -> + {:error, error} end end @@ -190,7 +205,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do end end - def create(%{to: to, actor: actor, context: context, object: object} = params) do + def create(%{to: to, actor: actor, context: context, object: object} = params, fake \\ false) do additional = params[:additional] || %{} # only accept false as false value local = !(params[:local] == false) @@ -201,13 +216,17 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do %{to: to, actor: actor, published: published, context: context, object: object}, additional ), - {:ok, activity} <- insert(create_data, local), + {:ok, activity} <- insert(create_data, local, fake), + {:fake, false, activity} <- {:fake, fake, activity}, _ <- increase_replies_count_if_reply(create_data), # Changing note count prior to enqueuing federation task in order to avoid # race conditions on updating user.info {:ok, _actor} <- increase_note_count_if_public(actor, activity), :ok <- maybe_federate(activity) do {:ok, activity} + else + {:fake, true, activity} -> + {:ok, activity} end end diff --git a/lib/pleroma/web/activity_pub/utils.ex b/lib/pleroma/web/activity_pub/utils.ex index 2e9ffe41c..81e17b9c1 100644 --- a/lib/pleroma/web/activity_pub/utils.ex +++ b/lib/pleroma/web/activity_pub/utils.ex @@ -175,18 +175,26 @@ defmodule Pleroma.Web.ActivityPub.Utils do Adds an id and a published data if they aren't there, also adds it to an included object """ - def lazy_put_activity_defaults(map) do - %{data: %{"id" => context}, id: context_id} = create_context(map["context"]) - + def lazy_put_activity_defaults(map, fake \\ false) do map = - map - |> Map.put_new_lazy("id", &generate_activity_id/0) - |> Map.put_new_lazy("published", &make_date/0) - |> Map.put_new("context", context) - |> Map.put_new("context_id", context_id) + unless fake do + %{data: %{"id" => context}, id: context_id} = create_context(map["context"]) + + map + |> Map.put_new_lazy("id", &generate_activity_id/0) + |> Map.put_new_lazy("published", &make_date/0) + |> Map.put_new("context", context) + |> Map.put_new("context_id", context_id) + else + map + |> Map.put_new("id", "pleroma:fakeid") + |> Map.put_new_lazy("published", &make_date/0) + |> Map.put_new("context", "pleroma:fakecontext") + |> Map.put_new("context_id", -1) + end if is_map(map["object"]) do - object = lazy_put_object_defaults(map["object"], map) + object = lazy_put_object_defaults(map["object"], map, fake) %{map | "object" => object} else map @@ -196,7 +204,18 @@ defmodule Pleroma.Web.ActivityPub.Utils do @doc """ Adds an id and published date if they aren't there. """ - def lazy_put_object_defaults(map, activity \\ %{}) do + def lazy_put_object_defaults(map, activity \\ %{}, fake) + + def lazy_put_object_defaults(map, activity, true = _fake) do + map + |> Map.put_new_lazy("published", &make_date/0) + |> Map.put_new("id", "pleroma:fake_object_id") + |> Map.put_new("context", activity["context"]) + |> Map.put_new("fake", true) + |> Map.put_new("context_id", activity["context_id"]) + end + + def lazy_put_object_defaults(map, activity, _fake) do map |> Map.put_new_lazy("id", &generate_object_id/0) |> Map.put_new_lazy("published", &make_date/0) @@ -354,7 +373,7 @@ defmodule Pleroma.Web.ActivityPub.Utils do [state, actor, object] ) - activity = Repo.get(Activity, activity.id) + activity = Activity.get_by_id(activity.id) {:ok, activity} rescue e -> diff --git a/lib/pleroma/web/channels/user_socket.ex b/lib/pleroma/web/channels/user_socket.ex index 3a700fa3b..6503979a1 100644 --- a/lib/pleroma/web/channels/user_socket.ex +++ b/lib/pleroma/web/channels/user_socket.ex @@ -24,7 +24,7 @@ defmodule Pleroma.Web.UserSocket do def connect(%{"token" => token}, socket) do with true <- Pleroma.Config.get([:chat, :enabled]), {:ok, user_id} <- Phoenix.Token.verify(socket, "user socket", token, max_age: 84_600), - %User{} = user <- Pleroma.Repo.get(User, user_id) do + %User{} = user <- Pleroma.User.get_by_id(user_id) do {:ok, assign(socket, :user_name, user.nickname)} else _e -> :error diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 25b990677..2f82a32f3 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -172,13 +172,16 @@ defmodule Pleroma.Web.CommonAPI do end) ) do res = - ActivityPub.create(%{ - to: to, - actor: user, - context: context, - object: object, - additional: %{"cc" => cc, "directMessage" => visibility == "direct"} - }) + ActivityPub.create( + %{ + to: to, + actor: user, + context: context, + object: object, + additional: %{"cc" => cc, "directMessage" => visibility == "direct"} + }, + data["preview"] || false + ) res end diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 0bf4de2f6..9cd8b3758 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -33,7 +33,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do def get_replied_to_activity(""), do: nil def get_replied_to_activity(id) when not is_nil(id) do - Repo.get(Activity, id) + Activity.get_by_id(id) end def get_replied_to_activity(_), do: nil @@ -283,7 +283,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do end def confirm_current_password(user, password) do - with %User{local: true} = db_user <- Repo.get(User, user.id), + with %User{local: true} = db_user <- User.get_by_id(user.id), true <- Pbkdf2.checkpw(password, db_user.password_hash) do {:ok, db_user} else diff --git a/lib/pleroma/web/controller_helper.ex b/lib/pleroma/web/controller_helper.ex index 4d6192db0..181483664 100644 --- a/lib/pleroma/web/controller_helper.ex +++ b/lib/pleroma/web/controller_helper.ex @@ -5,6 +5,11 @@ defmodule Pleroma.Web.ControllerHelper do use Pleroma.Web, :controller + # As in MastoAPI, per https://api.rubyonrails.org/classes/ActiveModel/Type/Boolean.html + @falsy_param_values [false, 0, "0", "f", "F", "false", "FALSE", "off", "OFF"] + def truthy_param?(blank_value) when blank_value in [nil, ""], do: nil + def truthy_param?(value), do: value not in @falsy_param_values + def oauth_scopes(params, default) do # Note: `scopes` is used by Mastodon — supporting it but sticking to # OAuth's standard `scope` wherever we control it diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index eee4e7678..0de2cca4e 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -285,7 +285,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def user_statuses(%{assigns: %{user: reading_user}} = conn, params) do - with %User{} = user <- Repo.get(User, params["id"]) do + with %User{} = user <- User.get_by_id(params["id"]) do activities = ActivityPub.fetch_user_activities(user, reading_user, params) conn @@ -319,7 +319,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def get_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with %Activity{} = activity <- Activity.get_by_id(id), true <- Visibility.visible_for_user?(activity, user) do conn |> put_view(StatusView) @@ -328,7 +328,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def get_context(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with %Activity{} = activity <- Activity.get_by_id(id), activities <- ActivityPub.fetch_activities_for_context(activity.data["context"], %{ "blocking_user" => user, @@ -460,7 +460,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def bookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with %Activity{} = activity <- Activity.get_by_id(id), %User{} = user <- User.get_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, user} <- User.bookmark(user, activity.data["object"]["id"]) do @@ -471,7 +471,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def unbookmark_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with %Activity{} = activity <- Activity.get_by_id(id), %User{} = user <- User.get_by_nickname(user.nickname), true <- Visibility.visible_for_user?(activity, user), {:ok, user} <- User.unbookmark(user, activity.data["object"]["id"]) do @@ -593,7 +593,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def favourited_by(conn, %{"id" => id}) do - with %Activity{data: %{"object" => %{"likes" => likes}}} <- Repo.get(Activity, id) do + with %Activity{data: %{"object" => %{"likes" => likes}}} <- Activity.get_by_id(id) do q = from(u in User, where: u.ap_id in ^likes) users = Repo.all(q) @@ -606,7 +606,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def reblogged_by(conn, %{"id" => id}) do - with %Activity{data: %{"object" => %{"announcements" => announces}}} <- Repo.get(Activity, id) do + with %Activity{data: %{"object" => %{"announcements" => announces}}} <- Activity.get_by_id(id) do q = from(u in User, where: u.ap_id in ^announces) users = Repo.all(q) @@ -657,7 +657,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def followers(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do - with %User{} = user <- Repo.get(User, id), + with %User{} = user <- User.get_by_id(id), followers <- MastodonAPI.get_followers(user, params) do followers = cond do @@ -674,7 +674,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def following(%{assigns: %{user: for_user}} = conn, %{"id" => id} = params) do - with %User{} = user <- Repo.get(User, id), + with %User{} = user <- User.get_by_id(id), followers <- MastodonAPI.get_friends(user, params) do followers = cond do @@ -699,7 +699,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def authorize_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do - with %User{} = follower <- Repo.get(User, id), + with %User{} = follower <- User.get_by_id(id), {:ok, follower} <- CommonAPI.accept_follow_request(follower, followed) do conn |> put_view(AccountView) @@ -713,7 +713,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def reject_follow_request(%{assigns: %{user: followed}} = conn, %{"id" => id}) do - with %User{} = follower <- Repo.get(User, id), + with %User{} = follower <- User.get_by_id(id), {:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do conn |> put_view(AccountView) @@ -727,7 +727,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def follow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do - with %User{} = followed <- Repo.get(User, id), + with %User{} = followed <- User.get_by_id(id), false <- User.following?(follower, followed), {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do conn @@ -755,7 +755,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def follow(%{assigns: %{user: follower}} = conn, %{"uri" => uri}) do - with %User{} = followed <- Repo.get_by(User, nickname: uri), + with %User{} = followed <- User.get_by_nickname(uri), {:ok, follower, followed, _} <- CommonAPI.follow(follower, followed) do conn |> put_view(AccountView) @@ -769,7 +769,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def unfollow(%{assigns: %{user: follower}} = conn, %{"id" => id}) do - with %User{} = followed <- Repo.get(User, id), + with %User{} = followed <- User.get_by_id(id), {:ok, follower} <- CommonAPI.unfollow(follower, followed) do conn |> put_view(AccountView) @@ -778,7 +778,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def mute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do - with %User{} = muted <- Repo.get(User, id), + with %User{} = muted <- User.get_by_id(id), {:ok, muter} <- User.mute(muter, muted) do conn |> put_view(AccountView) @@ -792,7 +792,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def unmute(%{assigns: %{user: muter}} = conn, %{"id" => id}) do - with %User{} = muted <- Repo.get(User, id), + with %User{} = muted <- User.get_by_id(id), {:ok, muter} <- User.unmute(muter, muted) do conn |> put_view(AccountView) @@ -813,7 +813,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def block(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do - with %User{} = blocked <- Repo.get(User, id), + with %User{} = blocked <- User.get_by_id(id), {:ok, blocker} <- User.block(blocker, blocked), {:ok, _activity} <- ActivityPub.block(blocker, blocked) do conn @@ -828,7 +828,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def unblock(%{assigns: %{user: blocker}} = conn, %{"id" => id}) do - with %User{} = blocked <- Repo.get(User, id), + with %User{} = blocked <- User.get_by_id(id), {:ok, blocker} <- User.unblock(blocker, blocked), {:ok, _activity} <- ActivityPub.unblock(blocker, blocked) do conn @@ -966,7 +966,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def bookmarks(%{assigns: %{user: user}} = conn, _) do - user = Repo.get(User, user.id) + user = User.get_by_id(user.id) activities = user.bookmarks @@ -1023,7 +1023,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do accounts |> Enum.each(fn account_id -> with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - %User{} = followed <- Repo.get(User, account_id) do + %User{} = followed <- User.get_by_id(account_id) do Pleroma.List.follow(list, followed) end end) @@ -1035,7 +1035,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do accounts |> Enum.each(fn account_id -> with %Pleroma.List{} = list <- Pleroma.List.get(id, user), - %User{} = followed <- Repo.get(Pleroma.User, account_id) do + %User{} = followed <- Pleroma.User.get_by_id(account_id) do Pleroma.List.unfollow(list, followed) end end) @@ -1249,16 +1249,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do "glitch" end - def login(conn, %{"code" => code}) do + def login(%{assigns: %{user: %User{}}} = conn, _params) do + redirect(conn, to: local_mastodon_root_path(conn)) + end + + @doc "Local Mastodon FE login init action" + def login(conn, %{"code" => auth_token}) do with {:ok, app} <- get_or_make_app(), - %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id), + %Authorization{} = auth <- Repo.get_by(Authorization, token: auth_token, app_id: app.id), {:ok, token} <- Token.exchange_token(app, auth) do conn |> put_session(:oauth_token, token.token) - |> redirect(to: "/web/getting-started") + |> redirect(to: local_mastodon_root_path(conn)) end end + @doc "Local Mastodon FE callback action" def login(conn, _) do with {:ok, app} <- get_or_make_app() do path = @@ -1276,6 +1282,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + defp local_mastodon_root_path(conn), do: mastodon_api_path(conn, :index, ["getting-started"]) + defp get_or_make_app do find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."} scopes = ["read", "write", "follow", "push"] @@ -1312,7 +1320,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def relationship_noop(%{assigns: %{user: user}} = conn, %{"id" => id}) do Logger.debug("Unimplemented, returning unmodified relationship") - with %User{} = target <- Repo.get(User, id) do + with %User{} = target <- User.get_by_id(id) do conn |> put_view(AccountView) |> render("relationship.json", %{user: user, target: target}) @@ -1454,7 +1462,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end def status_card(%{assigns: %{user: user}} = conn, %{"id" => status_id}) do - with %Activity{} = activity <- Repo.get(Activity, status_id), + with %Activity{} = activity <- Activity.get_by_id(status_id), true <- Visibility.visible_for_user?(activity, user) do data = StatusView.render( diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index 9b262f461..1b3721e2b 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -90,7 +90,7 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do # Authenticated streams. defp allow_request(stream, {"access_token", access_token}) when stream in @streams do with %Token{user_id: user_id} <- Repo.get_by(Token, token: access_token), - user = %User{} <- Repo.get(User, user_id) do + user = %User{} <- User.get_by_id(user_id) do {:ok, user} else _ -> {:error, 403} diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index ebb3dd253..26d53df1a 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.Auth.Authenticator + alias Pleroma.Web.ControllerHelper alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token @@ -19,7 +20,28 @@ defmodule Pleroma.Web.OAuth.OAuthController do action_fallback(Pleroma.Web.OAuth.FallbackController) - def authorize(conn, params) do + def authorize(%{assigns: %{token: %Token{} = token}} = conn, params) do + if ControllerHelper.truthy_param?(params["force_login"]) do + do_authorize(conn, params) + else + redirect_uri = + if is_binary(params["redirect_uri"]) do + params["redirect_uri"] + else + app = Repo.preload(token, :app).app + + app.redirect_uris + |> String.split() + |> Enum.at(0) + end + + redirect(conn, external: redirect_uri(conn, redirect_uri)) + end + end + + def authorize(conn, params), do: do_authorize(conn, params) + + defp do_authorize(conn, params) do app = Repo.get_by(App, client_id: params["client_id"]) available_scopes = (app && app.scopes) || [] scopes = oauth_scopes(params, nil) || available_scopes @@ -51,13 +73,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do {:missing_scopes, false} <- {:missing_scopes, scopes == []}, {:auth_active, true} <- {:auth_active, User.auth_active?(user)}, {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do - redirect_uri = - if redirect_uri == "." do - # Special case: Local MastodonFE - mastodon_api_url(conn, :login) - else - redirect_uri - end + redirect_uri = redirect_uri(conn, redirect_uri) cond do redirect_uri == "urn:ietf:wg:oauth:2.0:oob" -> @@ -108,7 +124,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do fixed_token = fix_padding(params["code"]), %Authorization{} = auth <- Repo.get_by(Authorization, token: fixed_token, app_id: app.id), - %User{} = user <- Repo.get(User, auth.user_id), + %User{} = user <- User.get_by_id(auth.user_id), {:ok, token} <- Token.exchange_token(app, auth), {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do response = %{ @@ -221,4 +237,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do nil end end + + # Special case: Local MastodonFE + defp redirect_uri(conn, "."), do: mastodon_api_url(conn, :login) + + defp redirect_uri(_conn, redirect_uri), do: redirect_uri end diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index a8b06db36..2b5ad9b94 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -27,7 +27,7 @@ defmodule Pleroma.Web.OAuth.Token do def exchange_token(app, auth) do with {:ok, auth} <- Authorization.use_token(auth), true <- auth.app_id == app.id do - create_token(app, Repo.get(User, auth.user_id), auth.scopes) + create_token(app, User.get_by_id(auth.user_id), auth.scopes) end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 9ccb4e535..605a327fc 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -5,6 +5,11 @@ defmodule Pleroma.Web.Router do use Pleroma.Web, :router + pipeline :oauth do + plug(:fetch_session) + plug(Pleroma.Plugs.OAuthPlug) + end + pipeline :api do plug(:accepts, ["json"]) plug(:fetch_session) @@ -105,10 +110,6 @@ defmodule Pleroma.Web.Router do plug(:accepts, ["json", "xml"]) end - pipeline :oauth do - plug(:accepts, ["html", "json"]) - end - pipeline :pleroma_api do plug(:accepts, ["html", "json"]) end @@ -200,7 +201,11 @@ defmodule Pleroma.Web.Router do end scope "/oauth", Pleroma.Web.OAuth do - get("/authorize", OAuthController, :authorize) + scope [] do + pipe_through(:oauth) + get("/authorize", OAuthController, :authorize) + end + post("/authorize", OAuthController, :create_authorization) post("/token", OAuthController, :token_exchange) post("/revoke", OAuthController, :token_revoke) @@ -218,6 +223,7 @@ defmodule Pleroma.Web.Router do get("/accounts/search", MastodonAPIController, :account_search) get("/accounts/:id/lists", MastodonAPIController, :account_lists) + get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array) get("/follow_requests", MastodonAPIController, :follow_requests) get("/blocks", MastodonAPIController, :blocks) diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index 592749b42..a82109f92 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.Streamer do alias Pleroma.Activity alias Pleroma.Notification alias Pleroma.Object - alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Visibility @@ -82,7 +81,7 @@ defmodule Pleroma.Web.Streamer do _ -> Pleroma.List.get_lists_from_activity(item) |> Enum.filter(fn list -> - owner = Repo.get(User, list.user_id) + owner = User.get_by_id(list.user_id) Visibility.visible_for_user?(item, owner) end) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index faa733fec..3cdd7a2f2 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do require Logger alias Comeonin.Pbkdf2 + alias Pleroma.Activity alias Pleroma.Emoji alias Pleroma.Notification alias Pleroma.PasswordResetToken @@ -21,7 +22,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do def show_password_reset(conn, %{"token" => token}) do with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}), - %User{} = user <- Repo.get(User, token.user_id) do + %User{} = user <- User.get_by_id(token.user_id) do render(conn, "password_reset.html", %{ token: token, user: user @@ -73,36 +74,52 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def remote_follow(%{assigns: %{user: user}} = conn, %{"acct" => acct}) do - {err, followee} = OStatus.find_or_make_user(acct) - avatar = User.avatar_url(followee) - name = followee.nickname - id = followee.id - - if !!user do - conn - |> render("follow.html", %{error: err, acct: acct, avatar: avatar, name: name, id: id}) + if is_status?(acct) do + {:ok, object} = ActivityPub.fetch_object_from_id(acct) + %Activity{id: activity_id} = Activity.get_create_by_object_ap_id(object.data["id"]) + redirect(conn, to: "/notice/#{activity_id}") else - conn - |> render("follow_login.html", %{ - error: false, - acct: acct, - avatar: avatar, - name: name, - id: id - }) + {err, followee} = OStatus.find_or_make_user(acct) + avatar = User.avatar_url(followee) + name = followee.nickname + id = followee.id + + if !!user do + conn + |> render("follow.html", %{error: err, acct: acct, avatar: avatar, name: name, id: id}) + else + conn + |> render("follow_login.html", %{ + error: false, + acct: acct, + avatar: avatar, + name: name, + id: id + }) + end + end + end + + defp is_status?(acct) do + case ActivityPub.fetch_and_contain_remote_object_from_id(acct) do + {:ok, %{"type" => type}} when type in ["Article", "Note", "Video", "Page", "Question"] -> + true + + _ -> + false end end def do_remote_follow(conn, %{ "authorization" => %{"name" => username, "password" => password, "id" => id} }) do - followee = Repo.get(User, id) + followee = User.get_by_id(id) avatar = User.avatar_url(followee) name = followee.nickname with %User{} = user <- User.get_cached_by_nickname(username), true <- Pbkdf2.checkpw(password, user.password_hash), - %User{} = _followed <- Repo.get(User, id), + %User{} = _followed <- User.get_by_id(id), {:ok, follower} <- User.follow(user, followee), {:ok, _activity} <- ActivityPub.follow(follower, followee) do conn @@ -124,7 +141,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do end def do_remote_follow(%{assigns: %{user: user}} = conn, %{"user" => %{"id" => id}}) do - with %User{} = followee <- Repo.get(User, id), + with %User{} = followee <- User.get_by_id(id), {:ok, follower} <- User.follow(user, followee), {:ok, _activity} <- ActivityPub.follow(follower, followee) do conn diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 9978c7f64..9b081a316 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -20,7 +20,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end def delete(%User{} = user, id) do - with %Activity{data: %{"type" => _type}} <- Repo.get(Activity, id), + with %Activity{data: %{"type" => _type}} <- Activity.get_by_id(id), {:ok, activity} <- CommonAPI.delete(id, user) do {:ok, activity} end @@ -227,12 +227,9 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do end %{"screen_name" => nickname} -> - case target = Repo.get_by(User, nickname: nickname) do - nil -> - {:error, "No user with such screen_name"} - - _ -> - {:ok, target} + case User.get_by_nickname(nickname) do + nil -> {:error, "No user with such screen_name"} + target -> {:ok, target} end _ -> diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 62cce18dc..a7ec9949c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -270,7 +270,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def fetch_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do - with %Activity{} = activity <- Repo.get(Activity, id), + with %Activity{} = activity <- Activity.get_by_id(id), true <- Visibility.visible_for_user?(activity, user) do conn |> put_view(ActivityView) @@ -342,7 +342,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def get_by_id_or_ap_id(id) do - activity = Repo.get(Activity, id) || Activity.get_create_by_object_ap_id(id) + activity = Activity.get_by_id(id) || Activity.get_create_by_object_ap_id(id) if activity.data["type"] == "Create" do activity @@ -434,7 +434,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def confirm_email(conn, %{"user_id" => uid, "token" => token}) do - with %User{} = user <- Repo.get(User, uid), + with %User{} = user <- User.get_by_id(uid), true <- user.local, true <- user.info.confirmation_pending, true <- user.info.confirmation_token == token, @@ -587,7 +587,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def approve_friend_request(conn, %{"user_id" => uid} = _params) do with followed <- conn.assigns[:user], - %User{} = follower <- Repo.get(User, uid), + %User{} = follower <- User.get_by_id(uid), {:ok, follower} <- CommonAPI.accept_follow_request(follower, followed) do conn |> put_view(UserView) @@ -599,7 +599,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do def deny_friend_request(conn, %{"user_id" => uid} = _params) do with followed <- conn.assigns[:user], - %User{} = follower <- Repo.get(User, uid), + %User{} = follower <- User.get_by_id(uid), {:ok, follower} <- CommonAPI.reject_follow_request(follower, followed) do conn |> put_view(UserView) |