diff options
Diffstat (limited to 'lib/pleroma/web/admin_api/controllers')
8 files changed, 226 insertions, 51 deletions
diff --git a/lib/pleroma/web/admin_api/controllers/config_controller.ex b/lib/pleroma/web/admin_api/controllers/config_controller.ex index a03318c0e..2c9c27294 100644 --- a/lib/pleroma/web/admin_api/controllers/config_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/config_controller.ex @@ -9,7 +9,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do alias Pleroma.ConfigDB alias Pleroma.Web.Plugs.OAuthScopesPlug - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action == :update) plug( @@ -76,7 +76,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do json(conn, translate_descriptions(descriptions)) end - def show(conn, %{only_db: true}) do + def show(%{private: %{open_api_spex: %{params: %{only_db: true}}}} = conn, _) do with :ok <- configurable_from_database() do configs = Pleroma.Repo.all(ConfigDB) @@ -128,7 +128,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do end end - def update(%{body_params: %{configs: configs}} = conn, _) do + def update(%{private: %{open_api_spex: %{body_params: %{configs: configs}}}} = conn, _) do with :ok <- configurable_from_database() do results = configs diff --git a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex index 990a94313..d76a95960 100644 --- a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex @@ -9,7 +9,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do alias Pleroma.Web.Plugs.InstanceStatic alias Pleroma.Web.Plugs.OAuthScopesPlug - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) action_fallback(Pleroma.Web.AdminAPI.FallbackController) @@ -18,7 +18,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action == :show) plug(OAuthScopesPlug, %{scopes: ["admin:write"]} when action in [:update, :delete]) - def show(conn, %{name: document_name}) do + def show(%{private: %{open_api_spex: %{params: %{name: document_name}}}} = conn, _) do with {:ok, url} <- InstanceDocument.get(document_name), {:ok, content} <- File.read(InstanceStatic.file_path(url)) do conn @@ -27,13 +27,18 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do end end - def update(%{body_params: %{file: file}} = conn, %{name: document_name}) do + def update( + %{ + private: %{open_api_spex: %{body_params: %{file: file}, params: %{name: document_name}}} + } = conn, + _ + ) do with {:ok, url} <- InstanceDocument.put(document_name, file.path) do json(conn, %{"url" => url}) end end - def delete(conn, %{name: document_name}) do + def delete(%{private: %{open_api_spex: %{params: %{name: document_name}}}} = conn, _) do with :ok <- InstanceDocument.delete(document_name) do json(conn, %{}) end diff --git a/lib/pleroma/web/admin_api/controllers/invite_controller.ex b/lib/pleroma/web/admin_api/controllers/invite_controller.ex index c5d759bb5..7e3020f28 100644 --- a/lib/pleroma/web/admin_api/controllers/invite_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/invite_controller.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Web.AdminAPI.InviteController do require Logger - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug(OAuthScopesPlug, %{scopes: ["admin:read:invites"]} when action == :index) plug( @@ -33,14 +33,14 @@ defmodule Pleroma.Web.AdminAPI.InviteController do end @doc "Create an account registration invite token" - def create(%{body_params: params} = conn, _) do + def create(%{private: %{open_api_spex: %{body_params: params}}} = conn, _) do {:ok, invite} = UserInviteToken.create_invite(params) render(conn, "show.json", invite: invite) end @doc "Revokes invite by token" - def revoke(%{body_params: %{token: token}} = conn, _) do + def revoke(%{private: %{open_api_spex: %{body_params: %{token: token}}}} = conn, _) do with {:ok, invite} <- UserInviteToken.find_by_token(token), {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true}) do render(conn, "show.json", invite: updated_invite) @@ -51,7 +51,13 @@ defmodule Pleroma.Web.AdminAPI.InviteController do end @doc "Sends registration invite via email" - def email(%{assigns: %{user: user}, body_params: %{email: email} = params} = conn, _) do + def email( + %{ + assigns: %{user: user}, + private: %{open_api_spex: %{body_params: %{email: email} = params}} + } = conn, + _ + ) do with {_, false} <- {:registrations_open, Config.get([:instance, :registrations_open])}, {_, true} <- {:invites_enabled, Config.get([:instance, :invites_enabled])}, {:ok, invite_token} <- UserInviteToken.create_invite(), diff --git a/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex b/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex index 4d53f5451..8b43ea90f 100644 --- a/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do @cachex Pleroma.Config.get([:cachex, :provider], Cachex) - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug( OAuthScopesPlug, @@ -27,7 +27,7 @@ defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do defdelegate open_api_operation(action), to: Spec.MediaProxyCacheOperation - def index(%{assigns: %{user: _}} = conn, params) do + def index(%{assigns: %{user: _}, private: %{open_api_spex: %{params: params}}} = conn, _) do entries = fetch_entries(params) urls = paginate_entries(entries, params.page, params.page_size) @@ -59,12 +59,19 @@ defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do Enum.slice(entries, offset, page_size) end - def delete(%{assigns: %{user: _}, body_params: %{urls: urls}} = conn, _) do + def delete( + %{assigns: %{user: _}, private: %{open_api_spex: %{body_params: %{urls: urls}}}} = conn, + _ + ) do MediaProxy.remove_from_banned_urls(urls) json(conn, %{}) end - def purge(%{assigns: %{user: _}, body_params: %{urls: urls, ban: ban}} = conn, _) do + def purge( + %{assigns: %{user: _}, private: %{open_api_spex: %{body_params: %{urls: urls, ban: ban}}}} = + conn, + _ + ) do MediaProxy.Invalidation.purge(urls) if ban do diff --git a/lib/pleroma/web/admin_api/controllers/relay_controller.ex b/lib/pleroma/web/admin_api/controllers/relay_controller.ex index 2e83fe139..1f36d3be5 100644 --- a/lib/pleroma/web/admin_api/controllers/relay_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/relay_controller.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.AdminAPI.RelayController do require Logger - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug( OAuthScopesPlug, @@ -31,7 +31,13 @@ defmodule Pleroma.Web.AdminAPI.RelayController do end end - def follow(%{assigns: %{user: admin}, body_params: %{relay_url: target}} = conn, _) do + def follow( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{relay_url: target}}} + } = conn, + _ + ) do with {:ok, _message} <- Relay.follow(target) do ModerationLog.insert_log(%{action: "relay_follow", actor: admin, target: target}) @@ -44,7 +50,13 @@ defmodule Pleroma.Web.AdminAPI.RelayController do end end - def unfollow(%{assigns: %{user: admin}, body_params: %{relay_url: target} = params} = conn, _) do + def unfollow( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{relay_url: target} = params}} + } = conn, + _ + ) do with {:ok, _message} <- Relay.unfollow(target, %{force: params[:force]}) do ModerationLog.insert_log(%{action: "relay_unfollow", actor: admin, target: target}) diff --git a/lib/pleroma/web/admin_api/controllers/report_controller.ex b/lib/pleroma/web/admin_api/controllers/report_controller.ex index 15cbbcc3e..89d8cc820 100644 --- a/lib/pleroma/web/admin_api/controllers/report_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/report_controller.ex @@ -18,7 +18,7 @@ defmodule Pleroma.Web.AdminAPI.ReportController do require Logger - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug(OAuthScopesPlug, %{scopes: ["admin:read:reports"]} when action in [:index, :show]) plug( @@ -31,13 +31,13 @@ defmodule Pleroma.Web.AdminAPI.ReportController do defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ReportOperation - def index(conn, params) do + def index(%{private: %{open_api_spex: %{params: params}}} = conn, _) do reports = Utils.get_reports(params, params.page, params.page_size) render(conn, "index.json", reports: reports) end - def show(conn, %{id: id}) do + def show(%{private: %{open_api_spex: %{params: %{id: id}}}} = conn, _) do with %Activity{} = report <- Activity.get_report(id) do render(conn, "show.json", Report.extract_report_info(report)) else @@ -45,7 +45,13 @@ defmodule Pleroma.Web.AdminAPI.ReportController do end end - def update(%{assigns: %{user: admin}, body_params: %{reports: reports}} = conn, _) do + def update( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{reports: reports}}} + } = conn, + _ + ) do result = Enum.map(reports, fn report -> case CommonAPI.update_report_state(report.id, report.state) do @@ -73,9 +79,13 @@ defmodule Pleroma.Web.AdminAPI.ReportController do end end - def notes_create(%{assigns: %{user: user}, body_params: %{content: content}} = conn, %{ - id: report_id - }) do + def notes_create( + %{ + assigns: %{user: user}, + private: %{open_api_spex: %{body_params: %{content: content}, params: %{id: report_id}}} + } = conn, + _ + ) do with {:ok, _} <- ReportNote.create(user.id, report_id, content), report <- Activity.get_by_id_with_user_actor(report_id) do ModerationLog.insert_log(%{ @@ -92,10 +102,20 @@ defmodule Pleroma.Web.AdminAPI.ReportController do end end - def notes_delete(%{assigns: %{user: user}} = conn, %{ - id: note_id, - report_id: report_id - }) do + def notes_delete( + %{ + assigns: %{user: user}, + private: %{ + open_api_spex: %{ + params: %{ + id: note_id, + report_id: report_id + } + } + } + } = conn, + _ + ) do with {:ok, note} <- ReportNote.destroy(note_id), report <- Activity.get_by_id_with_user_actor(report_id) do ModerationLog.insert_log(%{ diff --git a/lib/pleroma/web/admin_api/controllers/rule_controller.ex b/lib/pleroma/web/admin_api/controllers/rule_controller.ex new file mode 100644 index 000000000..43b2f209a --- /dev/null +++ b/lib/pleroma/web/admin_api/controllers/rule_controller.ex @@ -0,0 +1,62 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.RuleController do + use Pleroma.Web, :controller + + alias Pleroma.Repo + alias Pleroma.Rule + alias Pleroma.Web.Plugs.OAuthScopesPlug + + import Pleroma.Web.ControllerHelper, + only: [ + json_response: 3 + ] + + plug(Pleroma.Web.ApiSpec.CastAndValidate) + + plug( + OAuthScopesPlug, + %{scopes: ["admin:write"]} + when action in [:create, :update, :delete] + ) + + plug(OAuthScopesPlug, %{scopes: ["admin:read"]} when action == :index) + + action_fallback(AdminAPI.FallbackController) + + defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.RuleOperation + + def index(conn, _) do + rules = + Rule.query() + |> Repo.all() + + render(conn, "index.json", rules: rules) + end + + def create(%{body_params: params} = conn, _) do + rule = + params + |> Rule.create() + + render(conn, "show.json", rule: rule) + end + + def update(%{body_params: params} = conn, %{id: id}) do + rule = + params + |> Rule.update(id) + + render(conn, "show.json", rule: rule) + end + + def delete(conn, %{id: id}) do + with {:ok, _} <- Rule.delete(id) do + json(conn, %{}) + else + _ -> json_response(conn, :bad_request, "") + end + end +end diff --git a/lib/pleroma/web/admin_api/controllers/user_controller.ex b/lib/pleroma/web/admin_api/controllers/user_controller.ex index 7b4ee46a4..9ac275396 100644 --- a/lib/pleroma/web/admin_api/controllers/user_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/user_controller.ex @@ -18,7 +18,7 @@ defmodule Pleroma.Web.AdminAPI.UserController do @users_page_size 50 - plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false) plug( OAuthScopesPlug, @@ -51,13 +51,22 @@ defmodule Pleroma.Web.AdminAPI.UserController do defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.UserOperation - def delete(conn, %{nickname: nickname}) do + def delete(%{private: %{open_api_spex: %{params: %{nickname: nickname}}}} = conn, _) do conn - |> Map.put(:body_params, %{nicknames: [nickname]}) - |> delete(%{}) + |> do_deletes([nickname]) end - def delete(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def delete( + %{ + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do + conn + |> do_deletes(nicknames) + end + + defp do_deletes(%{assigns: %{user: admin}} = conn, nicknames) when is_list(nicknames) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) Enum.each(users, fn user -> @@ -77,9 +86,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do def follow( %{ assigns: %{user: admin}, - body_params: %{ - follower: follower_nick, - followed: followed_nick + private: %{ + open_api_spex: %{ + body_params: %{ + follower: follower_nick, + followed: followed_nick + } + } } } = conn, _ @@ -102,9 +115,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do def unfollow( %{ assigns: %{user: admin}, - body_params: %{ - follower: follower_nick, - followed: followed_nick + private: %{ + open_api_spex: %{ + body_params: %{ + follower: follower_nick, + followed: followed_nick + } + } } } = conn, _ @@ -124,7 +141,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do json(conn, "ok") end - def create(%{assigns: %{user: admin}, body_params: %{users: users}} = conn, _) do + def create( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{users: users}}} + } = conn, + _ + ) do changesets = users |> Enum.map(fn %{nickname: nickname, email: email, password: password} -> @@ -178,7 +201,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do end end - def show(%{assigns: %{user: admin}} = conn, %{nickname: nickname}) do + def show( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{params: %{nickname: nickname}}} + } = conn, + _ + ) do with %User{} = user <- User.get_cached_by_nickname_or_id(nickname, for: admin) do render(conn, "show.json", %{user: user}) else @@ -186,7 +215,11 @@ defmodule Pleroma.Web.AdminAPI.UserController do end end - def toggle_activation(%{assigns: %{user: admin}} = conn, %{nickname: nickname}) do + def toggle_activation( + %{assigns: %{user: admin}, private: %{open_api_spex: %{params: %{nickname: nickname}}}} = + conn, + _ + ) do user = User.get_cached_by_nickname(nickname) {:ok, updated_user} = User.set_activation(user, !user.is_active) @@ -202,7 +235,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do render(conn, "show.json", user: updated_user) end - def activate(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def activate( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) {:ok, updated_users} = User.set_activation(users, true) @@ -212,10 +251,16 @@ defmodule Pleroma.Web.AdminAPI.UserController do action: "activate" }) - render(conn, "index.json", users: Keyword.values(updated_users)) + render(conn, "index.json", users: updated_users) end - def deactivate(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def deactivate( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) {:ok, updated_users} = User.set_activation(users, false) @@ -225,10 +270,16 @@ defmodule Pleroma.Web.AdminAPI.UserController do action: "deactivate" }) - render(conn, "index.json", users: Keyword.values(updated_users)) + render(conn, "index.json", users: updated_users) end - def approve(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def approve( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) {:ok, updated_users} = User.approve(users) @@ -241,7 +292,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do render(conn, "index.json", users: updated_users) end - def suggest(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def suggest( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) {:ok, updated_users} = User.set_suggestion(users, true) @@ -254,7 +311,13 @@ defmodule Pleroma.Web.AdminAPI.UserController do render(conn, "index.json", users: updated_users) end - def unsuggest(%{assigns: %{user: admin}, body_params: %{nicknames: nicknames}} = conn, _) do + def unsuggest( + %{ + assigns: %{user: admin}, + private: %{open_api_spex: %{body_params: %{nicknames: nicknames}}} + } = conn, + _ + ) do users = Enum.map(nicknames, &User.get_cached_by_nickname/1) {:ok, updated_users} = User.set_suggestion(users, false) @@ -267,7 +330,7 @@ defmodule Pleroma.Web.AdminAPI.UserController do render(conn, "index.json", users: updated_users) end - def index(conn, params) do + def index(%{private: %{open_api_spex: %{params: params}}} = conn, _) do {page, page_size} = page_params(params) filters = maybe_parse_filters(params[:filters]) |