[#1234] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
# Conflicts: # CHANGELOG.md # lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex # lib/pleroma/web/router.ex
This commit is contained in:
parent
06b3bb54c5
commit
b93856874d
@ -30,11 +30,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
|
|||||||
when action in [:activity, :object]
|
when action in [:activity, :object]
|
||||||
)
|
)
|
||||||
|
|
||||||
plug(
|
|
||||||
Pleroma.Plugs.OAuthScopesPlug,
|
|
||||||
%{scopes: ["read:accounts"]} when action in [:followers, :following]
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
|
plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
|
||||||
plug(:set_requester_reachable when action in [:inbox])
|
plug(:set_requester_reachable when action in [:inbox])
|
||||||
plug(:relay_active? when action in [:relay])
|
plug(:relay_active? when action in [:relay])
|
||||||
|
@ -5,8 +5,20 @@
|
|||||||
defmodule Pleroma.Web.MastoFEController do
|
defmodule Pleroma.Web.MastoFEController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
|
||||||
|
|
||||||
|
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
|
||||||
|
plug(
|
||||||
|
OAuthScopesPlug,
|
||||||
|
%{scopes: ["read"], fallback: :proceed_unauthenticated, skip_instance_privacy_check: true}
|
||||||
|
when action == :index
|
||||||
|
)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)
|
||||||
|
|
||||||
@doc "GET /web/*path"
|
@doc "GET /web/*path"
|
||||||
def index(%{assigns: %{user: user}} = conn, _params) do
|
def index(%{assigns: %{user: user}} = conn, _params) do
|
||||||
token = get_session(conn, :oauth_token)
|
token = get_session(conn, :oauth_token)
|
||||||
|
@ -36,6 +36,11 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
|||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
|
plug(OAuthScopesPlug, %{scopes: ["read:lists"]} when action == :lists)
|
||||||
|
|
||||||
|
plug(
|
||||||
|
OAuthScopesPlug,
|
||||||
|
%{scopes: ["follow", "read:blocks"]} when action == :blocks
|
||||||
|
)
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
OAuthScopesPlug,
|
OAuthScopesPlug,
|
||||||
%{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
|
%{scopes: ["follow", "write:blocks"]} when action in [:block, :unblock]
|
||||||
@ -43,11 +48,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
|
|||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
|
plug(OAuthScopesPlug, %{scopes: ["read:follows"]} when action == :relationships)
|
||||||
|
|
||||||
|
# Note: :follows (POST /api/v1/follows) is the same as :follow, consider removing :follows
|
||||||
plug(
|
plug(
|
||||||
OAuthScopesPlug,
|
OAuthScopesPlug,
|
||||||
%{scopes: ["follow", "write:follows"]} when action in [:follow, :unfollow]
|
%{scopes: ["follow", "write:follows"]} when action in [:follows, :follow, :unfollow]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
|
plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action in [:mute, :unmute])
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
defmodule Pleroma.Web.MastodonAPI.AppController do
|
defmodule Pleroma.Web.MastodonAPI.AppController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.Repo
|
alias Pleroma.Repo
|
||||||
alias Pleroma.Web.OAuth.App
|
alias Pleroma.Web.OAuth.App
|
||||||
alias Pleroma.Web.OAuth.Scopes
|
alias Pleroma.Web.OAuth.Scopes
|
||||||
@ -12,6 +13,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
|
|||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :verify_credentials)
|
||||||
|
|
||||||
@local_mastodon_name "Mastodon-Local"
|
@local_mastodon_name "Mastodon-Local"
|
||||||
|
|
||||||
@doc "POST /api/v1/apps"
|
@doc "POST /api/v1/apps"
|
||||||
|
@ -18,6 +18,8 @@ defmodule Pleroma.Web.MastodonAPI.DomainBlockController do
|
|||||||
%{scopes: ["follow", "write:blocks"]} when action != :index
|
%{scopes: ["follow", "write:blocks"]} when action != :index
|
||||||
)
|
)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "GET /api/v1/domain_blocks"
|
@doc "GET /api/v1/domain_blocks"
|
||||||
def index(%{assigns: %{user: %{info: info}}} = conn, _) do
|
def index(%{assigns: %{user: %{info: info}}} = conn, _) do
|
||||||
json(conn, Map.get(info, :domain_blocks, []))
|
json(conn, Map.get(info, :domain_blocks, []))
|
||||||
|
@ -21,6 +21,8 @@ defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
|
|||||||
%{scopes: ["follow", "write:follows"]} when action != :index
|
%{scopes: ["follow", "write:follows"]} when action != :index
|
||||||
)
|
)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "GET /api/v1/follow_requests"
|
@doc "GET /api/v1/follow_requests"
|
||||||
def index(%{assigns: %{user: followed}} = conn, _params) do
|
def index(%{assigns: %{user: followed}} = conn, _params) do
|
||||||
follow_requests = User.get_follow_requests(followed)
|
follow_requests = User.get_follow_requests(followed)
|
||||||
|
@ -7,69 +7,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
|||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
alias Pleroma.Plugs.OAuthScopesPlug
|
|
||||||
@unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
|
|
||||||
|
|
||||||
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
|
|
||||||
plug(
|
|
||||||
OAuthScopesPlug,
|
|
||||||
Map.merge(@unauthenticated_access, %{scopes: ["read"], skip_instance_privacy_check: true})
|
|
||||||
when action == :index
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(
|
|
||||||
OAuthScopesPlug,
|
|
||||||
%{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
|
|
||||||
|
|
||||||
plug(
|
|
||||||
OAuthScopesPlug,
|
|
||||||
%{@unauthenticated_access | scopes: ["read:statuses"]} when action == :get_poll
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :poll_vote)
|
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
|
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
|
|
||||||
|
|
||||||
plug(
|
|
||||||
OAuthScopesPlug,
|
|
||||||
%{scopes: ["follow", "read:blocks"]} when action == :blocks
|
|
||||||
)
|
|
||||||
|
|
||||||
# To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
|
|
||||||
plug(
|
|
||||||
OAuthScopesPlug,
|
|
||||||
%{scopes: ["follow", "write:follows"]} when action == :follows
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
|
|
||||||
|
|
||||||
# Note: scope not present in Mastodon: read:bookmarks
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
|
|
||||||
|
|
||||||
# An extra safety measure for possible actions not guarded by OAuth permissions specification
|
|
||||||
plug(
|
|
||||||
Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
|
|
||||||
when action not in [
|
|
||||||
:create_app,
|
|
||||||
:index,
|
|
||||||
:login,
|
|
||||||
:logout,
|
|
||||||
:password_reset,
|
|
||||||
:masto_instance,
|
|
||||||
:peers,
|
|
||||||
:custom_emojis
|
|
||||||
]
|
|
||||||
)
|
|
||||||
|
|
||||||
plug(RateLimiter, :password_reset when action == :password_reset)
|
|
||||||
|
|
||||||
@local_mastodon_name "Mastodon-Local"
|
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
# Stubs for unimplemented mastodon api
|
# Stubs for unimplemented mastodon api
|
||||||
|
@ -6,12 +6,17 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
|
|||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
alias Pleroma.Object
|
alias Pleroma.Object
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
|
plug(:put_view, Pleroma.Web.MastodonAPI.StatusView)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["write:media"]})
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "POST /api/v1/media"
|
@doc "POST /api/v1/media"
|
||||||
def create(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
|
def create(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
|
||||||
with {:ok, object} <-
|
with {:ok, object} <-
|
||||||
|
@ -20,6 +20,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationController do
|
|||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action not in @oauth_read_actions)
|
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action not in @oauth_read_actions)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
# GET /api/v1/notifications
|
# GET /api/v1/notifications
|
||||||
def index(%{assigns: %{user: user}} = conn, params) do
|
def index(%{assigns: %{user: user}} = conn, params) do
|
||||||
notifications = MastodonAPI.get_notifications(user, params)
|
notifications = MastodonAPI.get_notifications(user, params)
|
||||||
|
@ -9,11 +9,21 @@ defmodule Pleroma.Web.MastodonAPI.PollController do
|
|||||||
|
|
||||||
alias Pleroma.Activity
|
alias Pleroma.Activity
|
||||||
alias Pleroma.Object
|
alias Pleroma.Object
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.Web.ActivityPub.Visibility
|
alias Pleroma.Web.ActivityPub.Visibility
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
|
plug(
|
||||||
|
OAuthScopesPlug,
|
||||||
|
%{scopes: ["read:statuses"], fallback: :proceed_unauthenticated} when action == :show
|
||||||
|
)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :vote)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "GET /api/v1/polls/:id"
|
@doc "GET /api/v1/polls/:id"
|
||||||
def show(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
def show(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||||
with %Object{} = object <- Object.get_by_id_and_maybe_refetch(id, interval: 60),
|
with %Object{} = object <- Object.get_by_id_and_maybe_refetch(id, interval: 60),
|
||||||
|
@ -11,6 +11,8 @@ defmodule Pleroma.Web.MastodonAPI.ReportController do
|
|||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
|
plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "POST /api/v1/reports"
|
@doc "POST /api/v1/reports"
|
||||||
def create(%{assigns: %{user: user}} = conn, params) do
|
def create(%{assigns: %{user: user}} = conn, params) do
|
||||||
with {:ok, activity} <- Pleroma.Web.CommonAPI.report(user, params) do
|
with {:ok, activity} <- Pleroma.Web.CommonAPI.report(user, params) do
|
||||||
|
@ -20,6 +20,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
|
|||||||
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
|
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
|
||||||
plug(OAuthScopesPlug, %{scopes: ["read:search"], fallback: :proceed_unauthenticated})
|
plug(OAuthScopesPlug, %{scopes: ["read:search"], fallback: :proceed_unauthenticated})
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
plug(RateLimiter, :search when action in [:search, :search2, :account_search])
|
plug(RateLimiter, :search when action in [:search, :search2, :account_search])
|
||||||
|
|
||||||
def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
|
def account_search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do
|
||||||
|
@ -47,6 +47,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
|
||||||
|
|
||||||
plug(
|
plug(
|
||||||
OAuthScopesPlug,
|
OAuthScopesPlug,
|
||||||
%{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite]
|
%{scopes: ["write:favourites"]} when action in [:favourite, :unfavourite]
|
||||||
@ -65,6 +67,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
|
|||||||
|
|
||||||
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin])
|
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action in [:pin, :unpin])
|
||||||
|
|
||||||
|
# Note: scope not present in Mastodon: read:bookmarks
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
|
||||||
|
|
||||||
# Note: scope not present in Mastodon: write:bookmarks
|
# Note: scope not present in Mastodon: write:bookmarks
|
||||||
plug(
|
plug(
|
||||||
OAuthScopesPlug,
|
OAuthScopesPlug,
|
||||||
|
@ -14,6 +14,8 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
|
|||||||
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
|
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
# Creates PushSubscription
|
# Creates PushSubscription
|
||||||
# POST /api/v1/push/subscription
|
# POST /api/v1/push/subscription
|
||||||
#
|
#
|
||||||
|
@ -8,11 +8,16 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionController do
|
|||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.MediaProxy
|
alias Pleroma.Web.MediaProxy
|
||||||
|
|
||||||
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
@doc "GET /api/v1/suggestions"
|
@doc "GET /api/v1/suggestions"
|
||||||
def index(%{assigns: %{user: user}} = conn, _) do
|
def index(%{assigns: %{user: user}} = conn, _) do
|
||||||
if Config.get([:suggestions, :enabled], false) do
|
if Config.get([:suggestions, :enabled], false) do
|
||||||
|
@ -1,8 +1,26 @@
|
|||||||
defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
|
defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
|
|
||||||
|
alias Pleroma.Plugs.OAuthScopesPlug
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
plug(
|
||||||
|
OAuthScopesPlug,
|
||||||
|
%{scopes: ["write"]}
|
||||||
|
when action in [
|
||||||
|
:create,
|
||||||
|
:delete,
|
||||||
|
:download_from,
|
||||||
|
:list_from,
|
||||||
|
:import_from_fs,
|
||||||
|
:update_file,
|
||||||
|
:update_metadata
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
|
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||||
|
|
||||||
def emoji_dir_path do
|
def emoji_dir_path do
|
||||||
Path.join(
|
Path.join(
|
||||||
Pleroma.Config.get!([:instance, :static_dir]),
|
Pleroma.Config.get!([:instance, :static_dir]),
|
||||||
|
@ -87,31 +87,6 @@ defmodule Pleroma.Web.Router do
|
|||||||
plug(Pleroma.Plugs.EnsureUserKeyPlug)
|
plug(Pleroma.Plugs.EnsureUserKeyPlug)
|
||||||
end
|
end
|
||||||
|
|
||||||
pipeline :oauth_read_or_public do
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{
|
|
||||||
scopes: ["read"],
|
|
||||||
fallback: :proceed_unauthenticated
|
|
||||||
})
|
|
||||||
|
|
||||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
|
||||||
end
|
|
||||||
|
|
||||||
pipeline :oauth_read do
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]})
|
|
||||||
end
|
|
||||||
|
|
||||||
pipeline :oauth_write do
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["write"]})
|
|
||||||
end
|
|
||||||
|
|
||||||
pipeline :oauth_follow do
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]})
|
|
||||||
end
|
|
||||||
|
|
||||||
pipeline :oauth_push do
|
|
||||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
|
|
||||||
end
|
|
||||||
|
|
||||||
pipeline :well_known do
|
pipeline :well_known do
|
||||||
plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
|
plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
|
||||||
end
|
end
|
||||||
@ -154,7 +129,7 @@ defmodule Pleroma.Web.Router do
|
|||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
|
scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
|
||||||
pipe_through([:admin_api, :oauth_write])
|
pipe_through(:admin_api)
|
||||||
|
|
||||||
post("/users/follow", AdminAPIController, :user_follow)
|
post("/users/follow", AdminAPIController, :user_follow)
|
||||||
post("/users/unfollow", AdminAPIController, :user_unfollow)
|
post("/users/unfollow", AdminAPIController, :user_unfollow)
|
||||||
@ -213,7 +188,7 @@ defmodule Pleroma.Web.Router do
|
|||||||
scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do
|
||||||
scope "/packs" do
|
scope "/packs" do
|
||||||
# Modifying packs
|
# Modifying packs
|
||||||
pipe_through([:admin_api, :oauth_write])
|
pipe_through(:admin_api)
|
||||||
|
|
||||||
post("/import_from_fs", EmojiAPIController, :import_from_fs)
|
post("/import_from_fs", EmojiAPIController, :import_from_fs)
|
||||||
|
|
||||||
@ -238,31 +213,20 @@ defmodule Pleroma.Web.Router do
|
|||||||
post("/main/ostatus", UtilController, :remote_subscribe)
|
post("/main/ostatus", UtilController, :remote_subscribe)
|
||||||
get("/ostatus_subscribe", UtilController, :remote_follow)
|
get("/ostatus_subscribe", UtilController, :remote_follow)
|
||||||
|
|
||||||
scope [] do
|
post("/ostatus_subscribe", UtilController, :do_remote_follow)
|
||||||
pipe_through(:oauth_follow)
|
|
||||||
post("/ostatus_subscribe", UtilController, :do_remote_follow)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
|
|
||||||
scope [] do
|
post("/change_email", UtilController, :change_email)
|
||||||
pipe_through(:oauth_write)
|
post("/change_password", UtilController, :change_password)
|
||||||
|
post("/delete_account", UtilController, :delete_account)
|
||||||
|
put("/notification_settings", UtilController, :update_notificaton_settings)
|
||||||
|
post("/disable_account", UtilController, :disable_account)
|
||||||
|
|
||||||
post("/change_email", UtilController, :change_email)
|
post("/blocks_import", UtilController, :blocks_import)
|
||||||
post("/change_password", UtilController, :change_password)
|
post("/follow_import", UtilController, :follow_import)
|
||||||
post("/delete_account", UtilController, :delete_account)
|
|
||||||
put("/notification_settings", UtilController, :update_notificaton_settings)
|
|
||||||
post("/disable_account", UtilController, :disable_account)
|
|
||||||
end
|
|
||||||
|
|
||||||
scope [] do
|
|
||||||
pipe_through(:oauth_follow)
|
|
||||||
|
|
||||||
post("/blocks_import", UtilController, :blocks_import)
|
|
||||||
post("/follow_import", UtilController, :follow_import)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/oauth", Pleroma.Web.OAuth do
|
scope "/oauth", Pleroma.Web.OAuth do
|
||||||
@ -289,14 +253,14 @@ defmodule Pleroma.Web.Router do
|
|||||||
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
|
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
pipe_through(:oauth_read)
|
|
||||||
get("/conversations/:id/statuses", PleromaAPIController, :conversation_statuses)
|
get("/conversations/:id/statuses", PleromaAPIController, :conversation_statuses)
|
||||||
get("/conversations/:id", PleromaAPIController, :conversation)
|
get("/conversations/:id", PleromaAPIController, :conversation)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
pipe_through(:oauth_write)
|
|
||||||
patch("/conversations/:id", PleromaAPIController, :update_conversation)
|
patch("/conversations/:id", PleromaAPIController, :update_conversation)
|
||||||
post("/notifications/read", PleromaAPIController, :read_notification)
|
post("/notifications/read", PleromaAPIController, :read_notification)
|
||||||
|
|
||||||
@ -312,13 +276,11 @@ defmodule Pleroma.Web.Router do
|
|||||||
|
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:api)
|
pipe_through(:api)
|
||||||
pipe_through(:oauth_read_or_public)
|
|
||||||
get("/accounts/:id/favourites", AccountController, :favourites)
|
get("/accounts/:id/favourites", AccountController, :favourites)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope [] do
|
scope [] do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
pipe_through(:oauth_follow)
|
|
||||||
|
|
||||||
post("/accounts/:id/subscribe", AccountController, :subscribe)
|
post("/accounts/:id/subscribe", AccountController, :subscribe)
|
||||||
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
|
post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)
|
||||||
@ -328,131 +290,114 @@ defmodule Pleroma.Web.Router do
|
|||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
|
scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
|
||||||
pipe_through([:api, :oauth_read_or_public])
|
pipe_through(:api)
|
||||||
|
|
||||||
get("/accounts/:id/scrobbles", ScrobbleController, :user_scrobbles)
|
get("/accounts/:id/scrobbles", ScrobbleController, :user_scrobbles)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
|
|
||||||
scope [] do
|
get("/accounts/verify_credentials", AccountController, :verify_credentials)
|
||||||
pipe_through(:oauth_read)
|
|
||||||
|
|
||||||
get("/accounts/verify_credentials", AccountController, :verify_credentials)
|
get("/accounts/relationships", AccountController, :relationships)
|
||||||
|
|
||||||
get("/accounts/relationships", AccountController, :relationships)
|
get("/accounts/:id/lists", AccountController, :lists)
|
||||||
|
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
||||||
|
|
||||||
get("/accounts/:id/lists", AccountController, :lists)
|
get("/follow_requests", FollowRequestController, :index)
|
||||||
get("/accounts/:id/identity_proofs", MastodonAPIController, :empty_array)
|
get("/blocks", AccountController, :blocks)
|
||||||
|
get("/mutes", AccountController, :mutes)
|
||||||
|
|
||||||
get("/follow_requests", FollowRequestController, :index)
|
get("/timelines/home", TimelineController, :home)
|
||||||
get("/blocks", AccountController, :blocks)
|
get("/timelines/direct", TimelineController, :direct)
|
||||||
get("/mutes", AccountController, :mutes)
|
|
||||||
|
|
||||||
get("/timelines/home", TimelineController, :home)
|
get("/favourites", StatusController, :favourites)
|
||||||
get("/timelines/direct", TimelineController, :direct)
|
get("/bookmarks", StatusController, :bookmarks)
|
||||||
|
|
||||||
get("/favourites", StatusController, :favourites)
|
get("/notifications", NotificationController, :index)
|
||||||
get("/bookmarks", StatusController, :bookmarks)
|
get("/notifications/:id", NotificationController, :show)
|
||||||
|
post("/notifications/clear", NotificationController, :clear)
|
||||||
|
post("/notifications/dismiss", NotificationController, :dismiss)
|
||||||
|
delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
|
||||||
|
|
||||||
get("/notifications", NotificationController, :index)
|
get("/scheduled_statuses", ScheduledActivityController, :index)
|
||||||
get("/notifications/:id", NotificationController, :show)
|
get("/scheduled_statuses/:id", ScheduledActivityController, :show)
|
||||||
post("/notifications/clear", NotificationController, :clear)
|
|
||||||
post("/notifications/dismiss", NotificationController, :dismiss)
|
|
||||||
delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
|
|
||||||
|
|
||||||
get("/scheduled_statuses", ScheduledActivityController, :index)
|
get("/lists", ListController, :index)
|
||||||
get("/scheduled_statuses/:id", ScheduledActivityController, :show)
|
get("/lists/:id", ListController, :show)
|
||||||
|
get("/lists/:id/accounts", ListController, :list_accounts)
|
||||||
|
|
||||||
get("/lists", ListController, :index)
|
get("/domain_blocks", DomainBlockController, :index)
|
||||||
get("/lists/:id", ListController, :show)
|
|
||||||
get("/lists/:id/accounts", ListController, :list_accounts)
|
|
||||||
|
|
||||||
get("/domain_blocks", DomainBlockController, :index)
|
get("/filters", FilterController, :index)
|
||||||
|
|
||||||
get("/filters", FilterController, :index)
|
get("/suggestions", SuggestionController, :index)
|
||||||
|
|
||||||
get("/suggestions", SuggestionController, :index)
|
get("/conversations", ConversationController, :index)
|
||||||
|
post("/conversations/:id/read", ConversationController, :read)
|
||||||
|
|
||||||
get("/conversations", ConversationController, :index)
|
get("/endorsements", AccountController, :endorsements)
|
||||||
post("/conversations/:id/read", ConversationController, :read)
|
|
||||||
|
|
||||||
get("/endorsements", MastodonAPIController, :empty_array)
|
patch("/accounts/update_credentials", AccountController, :update_credentials)
|
||||||
end
|
|
||||||
|
|
||||||
scope [] do
|
post("/statuses", StatusController, :create)
|
||||||
pipe_through(:oauth_write)
|
delete("/statuses/:id", StatusController, :delete)
|
||||||
|
|
||||||
patch("/accounts/update_credentials", AccountController, :update_credentials)
|
post("/statuses/:id/reblog", StatusController, :reblog)
|
||||||
|
post("/statuses/:id/unreblog", StatusController, :unreblog)
|
||||||
|
post("/statuses/:id/favourite", StatusController, :favourite)
|
||||||
|
post("/statuses/:id/unfavourite", StatusController, :unfavourite)
|
||||||
|
post("/statuses/:id/pin", StatusController, :pin)
|
||||||
|
post("/statuses/:id/unpin", StatusController, :unpin)
|
||||||
|
post("/statuses/:id/bookmark", StatusController, :bookmark)
|
||||||
|
post("/statuses/:id/unbookmark", StatusController, :unbookmark)
|
||||||
|
post("/statuses/:id/mute", StatusController, :mute_conversation)
|
||||||
|
post("/statuses/:id/unmute", StatusController, :unmute_conversation)
|
||||||
|
|
||||||
post("/statuses", StatusController, :create)
|
put("/scheduled_statuses/:id", ScheduledActivityController, :update)
|
||||||
delete("/statuses/:id", StatusController, :delete)
|
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
|
||||||
|
|
||||||
post("/statuses/:id/reblog", StatusController, :reblog)
|
post("/polls/:id/votes", PollController, :vote)
|
||||||
post("/statuses/:id/unreblog", StatusController, :unreblog)
|
|
||||||
post("/statuses/:id/favourite", StatusController, :favourite)
|
|
||||||
post("/statuses/:id/unfavourite", StatusController, :unfavourite)
|
|
||||||
post("/statuses/:id/pin", StatusController, :pin)
|
|
||||||
post("/statuses/:id/unpin", StatusController, :unpin)
|
|
||||||
post("/statuses/:id/bookmark", StatusController, :bookmark)
|
|
||||||
post("/statuses/:id/unbookmark", StatusController, :unbookmark)
|
|
||||||
post("/statuses/:id/mute", StatusController, :mute_conversation)
|
|
||||||
post("/statuses/:id/unmute", StatusController, :unmute_conversation)
|
|
||||||
|
|
||||||
put("/scheduled_statuses/:id", ScheduledActivityController, :update)
|
post("/media", MediaController, :create)
|
||||||
delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)
|
put("/media/:id", MediaController, :update)
|
||||||
|
|
||||||
post("/polls/:id/votes", PollController, :vote)
|
delete("/lists/:id", ListController, :delete)
|
||||||
|
post("/lists", ListController, :create)
|
||||||
|
put("/lists/:id", ListController, :update)
|
||||||
|
|
||||||
post("/media", MediaController, :create)
|
post("/lists/:id/accounts", ListController, :add_to_list)
|
||||||
put("/media/:id", MediaController, :update)
|
delete("/lists/:id/accounts", ListController, :remove_from_list)
|
||||||
|
|
||||||
delete("/lists/:id", ListController, :delete)
|
post("/filters", FilterController, :create)
|
||||||
post("/lists", ListController, :create)
|
get("/filters/:id", FilterController, :show)
|
||||||
put("/lists/:id", ListController, :update)
|
put("/filters/:id", FilterController, :update)
|
||||||
|
delete("/filters/:id", FilterController, :delete)
|
||||||
|
|
||||||
post("/lists/:id/accounts", ListController, :add_to_list)
|
post("/reports", ReportController, :create)
|
||||||
delete("/lists/:id/accounts", ListController, :remove_from_list)
|
|
||||||
|
|
||||||
post("/filters", FilterController, :create)
|
post("/follows", AccountController, :follows)
|
||||||
get("/filters/:id", FilterController, :show)
|
post("/accounts/:id/follow", AccountController, :follow)
|
||||||
put("/filters/:id", FilterController, :update)
|
post("/accounts/:id/unfollow", AccountController, :unfollow)
|
||||||
delete("/filters/:id", FilterController, :delete)
|
post("/accounts/:id/block", AccountController, :block)
|
||||||
|
post("/accounts/:id/unblock", AccountController, :unblock)
|
||||||
|
post("/accounts/:id/mute", AccountController, :mute)
|
||||||
|
post("/accounts/:id/unmute", AccountController, :unmute)
|
||||||
|
|
||||||
post("/reports", ReportController, :create)
|
post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
|
||||||
end
|
post("/follow_requests/:id/reject", FollowRequestController, :reject)
|
||||||
|
|
||||||
scope [] do
|
post("/domain_blocks", DomainBlockController, :create)
|
||||||
pipe_through(:oauth_follow)
|
delete("/domain_blocks", DomainBlockController, :delete)
|
||||||
|
|
||||||
post("/follows", AccountController, :follows)
|
post("/push/subscription", SubscriptionController, :create)
|
||||||
post("/accounts/:id/follow", AccountController, :follow)
|
get("/push/subscription", SubscriptionController, :get)
|
||||||
post("/accounts/:id/unfollow", AccountController, :unfollow)
|
put("/push/subscription", SubscriptionController, :update)
|
||||||
post("/accounts/:id/block", AccountController, :block)
|
delete("/push/subscription", SubscriptionController, :delete)
|
||||||
post("/accounts/:id/unblock", AccountController, :unblock)
|
|
||||||
post("/accounts/:id/mute", AccountController, :mute)
|
|
||||||
post("/accounts/:id/unmute", AccountController, :unmute)
|
|
||||||
|
|
||||||
post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
|
|
||||||
post("/follow_requests/:id/reject", FollowRequestController, :reject)
|
|
||||||
|
|
||||||
post("/domain_blocks", DomainBlockController, :create)
|
|
||||||
delete("/domain_blocks", DomainBlockController, :delete)
|
|
||||||
end
|
|
||||||
|
|
||||||
scope [] do
|
|
||||||
pipe_through(:oauth_push)
|
|
||||||
|
|
||||||
post("/push/subscription", SubscriptionController, :create)
|
|
||||||
get("/push/subscription", SubscriptionController, :get)
|
|
||||||
put("/push/subscription", SubscriptionController, :update)
|
|
||||||
delete("/push/subscription", SubscriptionController, :delete)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/web", Pleroma.Web do
|
scope "/api/web", Pleroma.Web do
|
||||||
pipe_through([:authenticated_api, :oauth_write])
|
pipe_through(:authenticated_api)
|
||||||
|
|
||||||
put("/settings", MastoFEController, :put_settings)
|
put("/settings", MastoFEController, :put_settings)
|
||||||
end
|
end
|
||||||
@ -477,30 +422,26 @@ defmodule Pleroma.Web.Router do
|
|||||||
|
|
||||||
get("/trends", MastodonAPIController, :empty_array)
|
get("/trends", MastodonAPIController, :empty_array)
|
||||||
|
|
||||||
scope [] do
|
get("/timelines/public", TimelineController, :public)
|
||||||
pipe_through(:oauth_read_or_public)
|
get("/timelines/tag/:tag", TimelineController, :hashtag)
|
||||||
|
get("/timelines/list/:list_id", TimelineController, :list)
|
||||||
|
|
||||||
get("/timelines/public", TimelineController, :public)
|
get("/statuses", StatusController, :index)
|
||||||
get("/timelines/tag/:tag", TimelineController, :hashtag)
|
get("/statuses/:id", StatusController, :show)
|
||||||
get("/timelines/list/:list_id", TimelineController, :list)
|
get("/statuses/:id/context", StatusController, :context)
|
||||||
|
|
||||||
get("/statuses", StatusController, :index)
|
get("/polls/:id", PollController, :show)
|
||||||
get("/statuses/:id", StatusController, :show)
|
|
||||||
get("/statuses/:id/context", StatusController, :context)
|
|
||||||
|
|
||||||
get("/polls/:id", PollController, :show)
|
get("/accounts/:id/statuses", AccountController, :statuses)
|
||||||
|
get("/accounts/:id/followers", AccountController, :followers)
|
||||||
|
get("/accounts/:id/following", AccountController, :following)
|
||||||
|
get("/accounts/:id", AccountController, :show)
|
||||||
|
|
||||||
get("/accounts/:id/statuses", AccountController, :statuses)
|
get("/search", SearchController, :search)
|
||||||
get("/accounts/:id/followers", AccountController, :followers)
|
|
||||||
get("/accounts/:id/following", AccountController, :following)
|
|
||||||
get("/accounts/:id", AccountController, :show)
|
|
||||||
|
|
||||||
get("/search", SearchController, :search)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v2", Pleroma.Web.MastodonAPI do
|
scope "/api/v2", Pleroma.Web.MastodonAPI do
|
||||||
pipe_through([:api, :oauth_read_or_public])
|
pipe_through(:api)
|
||||||
get("/search", SearchController, :search2)
|
get("/search", SearchController, :search2)
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -531,11 +472,7 @@ defmodule Pleroma.Web.Router do
|
|||||||
get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
|
get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
|
||||||
delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
|
delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
|
||||||
|
|
||||||
scope [] do
|
post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
|
||||||
pipe_through(:oauth_read)
|
|
||||||
|
|
||||||
post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
pipeline :ap_service_actor do
|
pipeline :ap_service_actor do
|
||||||
@ -599,23 +536,14 @@ defmodule Pleroma.Web.Router do
|
|||||||
scope "/", Pleroma.Web.ActivityPub do
|
scope "/", Pleroma.Web.ActivityPub do
|
||||||
pipe_through([:activitypub_client])
|
pipe_through([:activitypub_client])
|
||||||
|
|
||||||
scope [] do
|
get("/api/ap/whoami", ActivityPubController, :whoami)
|
||||||
pipe_through(:oauth_read)
|
get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
|
||||||
get("/api/ap/whoami", ActivityPubController, :whoami)
|
|
||||||
get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
|
|
||||||
end
|
|
||||||
|
|
||||||
scope [] do
|
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
|
||||||
pipe_through(:oauth_write)
|
post("/api/ap/upload_media", ActivityPubController, :upload_media)
|
||||||
post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
|
|
||||||
post("/api/ap/upload_media", ActivityPubController, :upload_media)
|
|
||||||
end
|
|
||||||
|
|
||||||
scope [] do
|
get("/users/:nickname/followers", ActivityPubController, :followers)
|
||||||
pipe_through(:oauth_read_or_public)
|
get("/users/:nickname/following", ActivityPubController, :following)
|
||||||
get("/users/:nickname/followers", ActivityPubController, :followers)
|
|
||||||
get("/users/:nickname/following", ActivityPubController, :following)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/", Pleroma.Web.ActivityPub do
|
scope "/", Pleroma.Web.ActivityPub do
|
||||||
@ -665,10 +593,7 @@ defmodule Pleroma.Web.Router do
|
|||||||
|
|
||||||
post("/auth/password", MastodonAPI.AuthController, :password_reset)
|
post("/auth/password", MastodonAPI.AuthController, :password_reset)
|
||||||
|
|
||||||
scope [] do
|
get("/web/*path", MastoFEController, :index)
|
||||||
pipe_through(:oauth_read)
|
|
||||||
get("/web/*path", MastoFEController, :index)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
pipeline :remote_media do
|
pipeline :remote_media do
|
||||||
|
@ -39,6 +39,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
|
|||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
|
||||||
|
|
||||||
plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
|
plug(Pleroma.Plugs.SetFormatPlug when action in [:config, :version])
|
||||||
|
|
||||||
def help_test(conn, _params) do
|
def help_test(conn, _params) do
|
||||||
|
Loading…
Reference in New Issue
Block a user