diff options
Diffstat (limited to 'lib')
10 files changed, 91 insertions, 31 deletions
diff --git a/lib/pleroma/conversation.ex b/lib/pleroma/conversation.ex index 8812b456d..828e27450 100644 --- a/lib/pleroma/conversation.ex +++ b/lib/pleroma/conversation.ex @@ -61,9 +61,8 @@ defmodule Pleroma.Conversation do "Create" <- activity.data["type"], %Object{} = object <- Object.normalize(activity, fetch: false), true <- object.data["type"] in ["Note", "Question"], - ap_id when is_binary(ap_id) and byte_size(ap_id) > 0 <- object.data["context"] do - {:ok, conversation} = create_for_ap_id(ap_id) - + ap_id when is_binary(ap_id) and byte_size(ap_id) > 0 <- object.data["context"], + {:ok, conversation} <- create_for_ap_id(ap_id) do users = User.get_users_from_set(activity.recipients, local_only: false) participations = diff --git a/lib/pleroma/conversation/participation.ex b/lib/pleroma/conversation/participation.ex index da5e57714..e0a3af28b 100644 --- a/lib/pleroma/conversation/participation.ex +++ b/lib/pleroma/conversation/participation.ex @@ -220,4 +220,8 @@ defmodule Pleroma.Conversation.Participation do select: %{count: count(p.id)} ) end + + def delete(%__MODULE__{} = participation) do + Repo.delete(participation) + end end diff --git a/lib/pleroma/web/api_spec/operations/conversation_operation.ex b/lib/pleroma/web/api_spec/operations/conversation_operation.ex index 367f4125a..17ed1af5e 100644 --- a/lib/pleroma/web/api_spec/operations/conversation_operation.ex +++ b/lib/pleroma/web/api_spec/operations/conversation_operation.ex @@ -46,16 +46,31 @@ defmodule Pleroma.Web.ApiSpec.ConversationOperation do tags: ["Conversations"], summary: "Mark conversation as read", operationId: "ConversationController.mark_as_read", - parameters: [ - Operation.parameter(:id, :path, :string, "Conversation ID", - example: "123", - required: true - ) - ], + parameters: [id_param()], security: [%{"oAuth" => ["write:conversations"]}], responses: %{ 200 => Operation.response("Conversation", "application/json", Conversation) } } end + + def delete_operation do + %Operation{ + tags: ["Conversations"], + summary: "Remove conversation", + operationId: "ConversationController.delete", + parameters: [id_param()], + security: [%{"oAuth" => ["write:conversations"]}], + responses: %{ + 200 => empty_object_response() + } + } + end + + def id_param do + Operation.parameter(:id, :path, :string, "Conversation ID", + example: "123", + required: true + ) + end end diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex index a7e4d93f5..dd3b39c77 100644 --- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex @@ -3,6 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.MastodonAPI.AppController do + @moduledoc """ + Controller for supporting app-related actions. + If authentication is an option, app tokens (user-unbound) must be supported. + """ + use Pleroma.Web, :controller alias Pleroma.Repo @@ -17,11 +22,9 @@ defmodule Pleroma.Web.MastodonAPI.AppController do plug( :skip_plug, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] - when action == :create + when action in [:create, :verify_credentials] ) - plug(OAuthScopesPlug, %{scopes: ["read"]} when action == :verify_credentials) - plug(Pleroma.Web.ApiSpec.CastAndValidate) @local_mastodon_name "Mastodon-Local" @@ -44,10 +47,13 @@ defmodule Pleroma.Web.MastodonAPI.AppController do end end - @doc "GET /api/v1/apps/verify_credentials" - def verify_credentials(%{assigns: %{user: _user, token: token}} = conn, _) do - with %Token{app: %App{} = app} <- Repo.preload(token, :app) do - render(conn, "short.json", app: app) + @doc """ + GET /api/v1/apps/verify_credentials + Gets compact non-secret representation of the app. Supports app tokens and user tokens. + """ + def verify_credentials(%{assigns: %{token: %Token{} = token}} = conn, _) do + with %{app: %App{} = app} <- Repo.preload(token, :app) do + render(conn, "compact_non_secret.json", app: app) end end end diff --git a/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex b/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex index 4526d3c7a..f2a0949e8 100644 --- a/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex @@ -36,4 +36,13 @@ defmodule Pleroma.Web.MastodonAPI.ConversationController do render(conn, "participation.json", participation: participation, for: user) end end + + @doc "DELETE /api/v1/conversations/:id" + def delete(%{assigns: %{user: user}} = conn, %{id: participation_id}) do + with %Participation{} = participation <- + Repo.get_by(Participation, id: participation_id, user_id: user.id), + {:ok, _} <- Participation.delete(participation) do + json(conn, %{}) + end + end end diff --git a/lib/pleroma/web/mastodon_api/views/app_view.ex b/lib/pleroma/web/mastodon_api/views/app_view.ex index 3d7131e09..c406b5a27 100644 --- a/lib/pleroma/web/mastodon_api/views/app_view.ex +++ b/lib/pleroma/web/mastodon_api/views/app_view.ex @@ -34,10 +34,10 @@ defmodule Pleroma.Web.MastodonAPI.AppView do |> with_vapid_key() end - def render("short.json", %{app: %App{website: webiste, client_name: name}}) do + def render("compact_non_secret.json", %{app: %App{website: website, client_name: name}}) do %{ name: name, - website: webiste + website: website } |> with_vapid_key() end diff --git a/lib/pleroma/web/plugs/ensure_authenticated_plug.ex b/lib/pleroma/web/plugs/ensure_authenticated_plug.ex index a4b5dc257..31e7410d6 100644 --- a/lib/pleroma/web/plugs/ensure_authenticated_plug.ex +++ b/lib/pleroma/web/plugs/ensure_authenticated_plug.ex @@ -3,6 +3,10 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.EnsureAuthenticatedPlug do + @moduledoc """ + Ensures _user_ authentication (app-bound user-unbound tokens are not accepted). + """ + import Plug.Conn import Pleroma.Web.TranslationHelpers diff --git a/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex b/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex index b6dfc4f3c..8a8532f41 100644 --- a/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex +++ b/lib/pleroma/web/plugs/ensure_public_or_authenticated_plug.ex @@ -3,6 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug do + @moduledoc """ + Ensures instance publicity or _user_ authentication + (app-bound user-unbound tokens are accepted only if the instance is public). + """ + import Pleroma.Web.TranslationHelpers import Plug.Conn diff --git a/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex index 3a2b5dda8..534b0cff1 100644 --- a/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex +++ b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex @@ -28,6 +28,11 @@ defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug do end end + # App-bound token case (obtained with client_id and client_secret) + def call(%{assigns: %{token: %Token{user_id: nil}}} = conn, _) do + assign(conn, :user, nil) + end + def call(conn, _) do conn |> assign(:user, nil) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 1a27bc63d..d71011033 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -37,11 +37,13 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug) end - pipeline :expect_authentication do + # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify) + pipeline :expect_user_authentication do plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug) end - pipeline :expect_public_instance_or_authentication do + # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify) + pipeline :expect_public_instance_or_user_authentication do plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug) end @@ -66,23 +68,30 @@ defmodule Pleroma.Web.Router do plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec) end - pipeline :api do - plug(:expect_public_instance_or_authentication) + pipeline :no_auth_or_privacy_expectations_api do plug(:base_api) plug(:after_auth) plug(Pleroma.Web.Plugs.IdempotencyPlug) end + # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported) + pipeline :app_api do + plug(:no_auth_or_privacy_expectations_api) + end + + pipeline :api do + plug(:expect_public_instance_or_user_authentication) + plug(:no_auth_or_privacy_expectations_api) + end + pipeline :authenticated_api do - plug(:expect_authentication) - plug(:base_api) - plug(:after_auth) + plug(:expect_user_authentication) + plug(:no_auth_or_privacy_expectations_api) plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug) - plug(Pleroma.Web.Plugs.IdempotencyPlug) end pipeline :admin_api do - plug(:expect_authentication) + plug(:expect_user_authentication) plug(:base_api) plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug) plug(:after_auth) @@ -439,10 +448,9 @@ defmodule Pleroma.Web.Router do post("/accounts/:id/mute", AccountController, :mute) post("/accounts/:id/unmute", AccountController, :unmute) - get("/apps/verify_credentials", AppController, :verify_credentials) - get("/conversations", ConversationController, :index) post("/conversations/:id/read", ConversationController, :mark_as_read) + delete("/conversations/:id", ConversationController, :delete) get("/domain_blocks", DomainBlockController, :index) post("/domain_blocks", DomainBlockController, :create) @@ -532,6 +540,13 @@ defmodule Pleroma.Web.Router do end scope "/api/v1", Pleroma.Web.MastodonAPI do + pipe_through(:app_api) + + post("/apps", AppController, :create) + get("/apps/verify_credentials", AppController, :verify_credentials) + end + + scope "/api/v1", Pleroma.Web.MastodonAPI do pipe_through(:api) get("/accounts/search", SearchController, :account_search) @@ -547,8 +562,6 @@ defmodule Pleroma.Web.Router do get("/instance", InstanceController, :show) get("/instance/peers", InstanceController, :peers) - post("/apps", AppController, :create) - get("/statuses", StatusController, :index) get("/statuses/:id", StatusController, :show) get("/statuses/:id/context", StatusController, :context) |