diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/plugs/http_security_plug.ex | 1 | ||||
| -rw-r--r-- | lib/pleroma/user.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 7 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 9 |
4 files changed, 15 insertions, 4 deletions
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 960c7f6bf..31c7332f8 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do [ "default-src 'none'", "base-uri 'self'", - "form-action *", "frame-ancestors 'none'", "img-src 'self' data: https:", "media-src 'self' https:", diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index be634a8e1..6e1d5559d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -498,7 +498,7 @@ defmodule Pleroma.User do Repo.all(query) end - def search(query, resolve) do + def search(query, resolve \\ false) do # strip the beginning @ off if there is a query query = String.trim_leading(query, "@") diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 5e81db00b..462369806 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -250,7 +250,12 @@ defmodule Pleroma.Web.Router do get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) end - scope "/api", Pleroma.Web do + scope "/api", Pleroma.Web, as: :twitter_api_search do + pipe_through(:api) + get("/pleroma/search_user", TwitterAPI.Controller, :search_user) + end + + scope "/api", Pleroma.Web, as: :authenticated_twitter_api do pipe_through(:authenticated_api) get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials) diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index dfcafdcc9..cd0e2121c 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -130,7 +130,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do query = ActivityPub.fetch_activities_query( [user.ap_id], - Map.merge(params, %{"type" => "Create", visibility: "direct"}) + Map.merge(params, %{"type" => "Create", "user" => user, visibility: "direct"}) ) activities = Repo.all(query) @@ -529,6 +529,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do |> render(ActivityView, "index.json", %{activities: activities, for: user}) end + def search_user(%{assigns: %{user: user}} = conn, %{"query" => query}) do + users = User.search(query, true) + + conn + |> render(UserView, "index.json", %{users: users, for: user}) + end + defp bad_request_reply(conn, error_message) do json = error_json(conn, error_message) json_reply(conn, 400, json) |