2019-10-01 10:21:46 +02:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 07:49:20 +01:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2019-10-01 10:21:46 +02:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.MastodonAPI.AppController do
|
2021-02-11 13:02:50 +01:00
|
|
|
@moduledoc """
|
|
|
|
Controller for supporting app-related actions.
|
|
|
|
If authentication is an option, app tokens (user-unbound) must be supported.
|
|
|
|
"""
|
|
|
|
|
2019-10-01 10:21:46 +02:00
|
|
|
use Pleroma.Web, :controller
|
|
|
|
|
|
|
|
alias Pleroma.Repo
|
|
|
|
alias Pleroma.Web.OAuth.App
|
|
|
|
alias Pleroma.Web.OAuth.Scopes
|
|
|
|
alias Pleroma.Web.OAuth.Token
|
2020-06-24 12:07:47 +02:00
|
|
|
alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
|
|
|
|
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
2019-10-01 10:21:46 +02:00
|
|
|
|
|
|
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
|
|
|
|
2020-04-22 17:50:25 +02:00
|
|
|
plug(
|
|
|
|
:skip_plug,
|
|
|
|
[OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug]
|
2021-02-11 13:02:50 +01:00
|
|
|
when action in [:create, :verify_credentials]
|
2020-04-22 17:50:25 +02:00
|
|
|
)
|
|
|
|
|
2020-05-04 18:16:18 +02:00
|
|
|
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
2019-10-06 16:12:17 +02:00
|
|
|
|
2019-10-01 10:21:46 +02:00
|
|
|
@local_mastodon_name "Mastodon-Local"
|
|
|
|
|
2020-04-01 21:00:59 +02:00
|
|
|
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.AppOperation
|
|
|
|
|
2019-10-01 10:21:46 +02:00
|
|
|
@doc "POST /api/v1/apps"
|
2020-04-01 21:00:59 +02:00
|
|
|
def create(%{body_params: params} = conn, _params) do
|
2019-10-01 10:21:46 +02:00
|
|
|
scopes = Scopes.fetch_scopes(params, ["read"])
|
|
|
|
|
|
|
|
app_attrs =
|
|
|
|
params
|
2020-04-01 21:00:59 +02:00
|
|
|
|> Map.take([:client_name, :redirect_uris, :website])
|
|
|
|
|> Map.put(:scopes, scopes)
|
2019-10-01 10:21:46 +02:00
|
|
|
|
|
|
|
with cs <- App.register_changeset(%App{}, app_attrs),
|
|
|
|
false <- cs.changes[:client_name] == @local_mastodon_name,
|
|
|
|
{:ok, app} <- Repo.insert(cs) do
|
|
|
|
render(conn, "show.json", app: app)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-02-11 13:02:50 +01:00
|
|
|
@doc """
|
|
|
|
GET /api/v1/apps/verify_credentials
|
|
|
|
Gets compact non-secret representation of the app. Supports app tokens and user tokens.
|
|
|
|
"""
|
|
|
|
def verify_credentials(%{assigns: %{token: %Token{} = token}} = conn, _) do
|
|
|
|
with %{app: %App{} = app} <- Repo.preload(token, :app) do
|
|
|
|
render(conn, "compact_non_secret.json", app: app)
|
2019-10-01 10:21:46 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|