1 files changed, 97 insertions, 36 deletions

diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex
index af6e22c2b..2fb6ce41b 100644
--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@@ -1,26 +1,42 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.OStatus.OStatusController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.{User, Activity, Object}
-  alias Pleroma.Web.OStatus.{FeedRepresenter, ActivityRepresenter}
-  alias Pleroma.Repo
-  alias Pleroma.Web.{OStatus, Federator}
-  alias Pleroma.Web.XML
-  alias Pleroma.Web.ActivityPub.ObjectView
-  alias Pleroma.Web.ActivityPub.ActivityPubController
+  alias Pleroma.Activity
+  alias Pleroma.Object
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.ActivityPubController
+  alias Pleroma.Web.ActivityPub.ObjectView
+  alias Pleroma.Web.ActivityPub.Visibility
+  alias Pleroma.Web.Federator
+  alias Pleroma.Web.OStatus
+  alias Pleroma.Web.OStatus.ActivityRepresenter
+  alias Pleroma.Web.OStatus.FeedRepresenter
+  alias Pleroma.Web.XML
 
   plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])
+
   action_fallback(:errors)
 
   def feed_redirect(conn, %{"nickname" => nickname}) do
     case get_format(conn) do
       "html" ->
-        Fallback.RedirectController.redirector(conn, nil)
+        with %User{} = user <- User.get_cached_by_nickname_or_id(nickname) do
+          Fallback.RedirectController.redirector_with_meta(conn, %{user: user})
+        else
+          nil -> {:error, :not_found}
+        end
 
       "activity+json" ->
         ActivityPubController.call(conn, :user)
 
+      "json" ->
+        ActivityPubController.call(conn, :user)
+
       _ ->
         with %User{} = user <- User.get_cached_by_nickname(nickname) do
           redirect(conn, external: OStatus.feed_path(user))
@@ -75,20 +91,20 @@ defmodule Pleroma.Web.OStatus.OStatusController do
     {:ok, body, _conn} = read_body(conn)
     {:ok, doc} = decode_or_retry(body)
 
-    Federator.enqueue(:incoming_doc, doc)
+    Federator.incoming_doc(doc)
 
     conn
     |> send_resp(200, "")
   end
 
   def object(conn, %{"uuid" => uuid}) do
-    if get_format(conn) == "activity+json" do
+    if get_format(conn) in ["activity+json", "json"] do
       ActivityPubController.call(conn, :object)
     else
       with id <- o_status_url(conn, :object, uuid),
            {_, %Activity{} = activity} <-
-             {:activity, Activity.get_create_activity_by_object_ap_id(id)},
-           {_, true} <- {:public?, ActivityPub.is_public?(activity)},
+             {:activity, Activity.get_create_by_object_ap_id_with_object(id)},
+           {_, true} <- {:public?, Visibility.is_public?(activity)},
            %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
         case get_format(conn) do
           "html" -> redirect(conn, to: "/notice/#{activity.id}")
@@ -108,65 +124,110 @@ defmodule Pleroma.Web.OStatus.OStatusController do
   end
 
   def activity(conn, %{"uuid" => uuid}) do
-    with id <- o_status_url(conn, :activity, uuid),
-         {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
-         {_, true} <- {:public?, ActivityPub.is_public?(activity)},
-         %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
-      case format = get_format(conn) do
-        "html" -> redirect(conn, to: "/notice/#{activity.id}")
-        _ -> represent_activity(conn, format, activity, user)
-      end
+    if get_format(conn) in ["activity+json", "json"] do
+      ActivityPubController.call(conn, :activity)
     else
-      {:public?, false} ->
-        {:error, :not_found}
+      with id <- o_status_url(conn, :activity, uuid),
+           {_, %Activity{} = activity} <- {:activity, Activity.normalize(id)},
+           {_, true} <- {:public?, Visibility.is_public?(activity)},
+           %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
+        case format = get_format(conn) do
+          "html" -> redirect(conn, to: "/notice/#{activity.id}")
+          _ -> represent_activity(conn, format, activity, user)
+        end
+      else
+        {:public?, false} ->
+          {:error, :not_found}
 
-      {:activity, nil} ->
-        {:error, :not_found}
+        {:activity, nil} ->
+          {:error, :not_found}
 
-      e ->
-        e
+        e ->
+          e
+      end
     end
   end
 
   def notice(conn, %{"id" => id}) do
-    with {_, %Activity{} = activity} <- {:activity, Repo.get(Activity, id)},
-         {_, true} <- {:public?, ActivityPub.is_public?(activity)},
+    with {_, %Activity{} = activity} <- {:activity, Activity.get_by_id_with_object(id)},
+         {_, true} <- {:public?, Visibility.is_public?(activity)},
          %User{} = user <- User.get_cached_by_ap_id(activity.data["actor"]) do
       case format = get_format(conn) do
         "html" ->
-          conn
-          |> put_resp_content_type("text/html")
-          |> send_file(200, Application.app_dir(:pleroma, "priv/static/index.html"))
+          if activity.data["type"] == "Create" do
+            %Object{} = object = Object.normalize(activity)
+
+            Fallback.RedirectController.redirector_with_meta(conn, %{
+              activity_id: activity.id,
+              object: object,
+              url:
+                Pleroma.Web.Router.Helpers.o_status_url(
+                  Pleroma.Web.Endpoint,
+                  :notice,
+                  activity.id
+                ),
+              user: user
+            })
+          else
+            Fallback.RedirectController.redirector(conn, nil)
+          end
 
         _ ->
           represent_activity(conn, format, activity, user)
       end
     else
       {:public?, false} ->
-        {:error, :not_found}
+        conn
+        |> put_status(404)
+        |> Fallback.RedirectController.redirector(nil, 404)
 
       {:activity, nil} ->
-        {:error, :not_found}
+        conn
+        |> Fallback.RedirectController.redirector(nil, 404)
 
       e ->
         e
     end
   end
 
+  # Returns an HTML embedded <audio> or <video> player suitable for embed iframes.
+  def notice_player(conn, %{"id" => id}) do
+    with %Activity{data: %{"type" => "Create"}} = activity <- Activity.get_by_id_with_object(id),
+         true <- Visibility.is_public?(activity),
+         %Object{} = object <- Object.normalize(activity),
+         %{data: %{"attachment" => [%{"url" => [url | _]} | _]}} <- object,
+         true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
+      conn
+      |> put_layout(:metadata_player)
+      |> put_resp_header("x-frame-options", "ALLOW")
+      |> put_resp_header(
+        "content-security-policy",
+        "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
+      )
+      |> put_view(Pleroma.Web.Metadata.PlayerView)
+      |> render("player.html", url)
+    else
+      _error ->
+        conn
+        |> put_status(404)
+        |> Fallback.RedirectController.redirector(nil, 404)
+    end
+  end
+
   defp represent_activity(
          conn,
          "activity+json",
          %Activity{data: %{"type" => "Create"}} = activity,
-         user
+         _user
        ) do
-    object = Object.normalize(activity.data["object"])
+    object = Object.normalize(activity)
 
     conn
     |> put_resp_header("content-type", "application/activity+json")
     |> json(ObjectView.render("object.json", %{object: object}))
   end
 
-  defp represent_activity(conn, "activity+json", _, _) do
+  defp represent_activity(_conn, "activity+json", _, _) do
     {:error, :not_found}
   end