1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
use Pleroma.Web, :controller
require Logger
alias Pleroma.Plugs.OAuthScopesPlug
@unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
plug(
OAuthScopesPlug,
Map.merge(@unauthenticated_access, %{scopes: ["read"], skip_instance_privacy_check: true})
when action == :index
)
plug(
OAuthScopesPlug,
%{scopes: ["read"]} when action in [:suggestions, :verify_app_credentials]
)
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
plug(
OAuthScopesPlug,
%{@unauthenticated_access | scopes: ["read:statuses"]} when action == :get_poll
)
plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action == :poll_vote)
plug(OAuthScopesPlug, %{scopes: ["read:favourites"]} when action == :favourites)
plug(OAuthScopesPlug, %{scopes: ["write:media"]} when action in [:upload, :update_media])
plug(
OAuthScopesPlug,
%{scopes: ["follow", "read:blocks"]} when action == :blocks
)
# To do: POST /api/v1/follows is not present in Mastodon; consider removing the action
plug(
OAuthScopesPlug,
%{scopes: ["follow", "write:follows"]} when action == :follows
)
plug(OAuthScopesPlug, %{scopes: ["follow", "read:mutes"]} when action == :mutes)
# Note: scope not present in Mastodon: read:bookmarks
plug(OAuthScopesPlug, %{scopes: ["read:bookmarks"]} when action == :bookmarks)
# An extra safety measure for possible actions not guarded by OAuth permissions specification
plug(
Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
when action not in [
:create_app,
:index,
:login,
:logout,
:password_reset,
:masto_instance,
:peers,
:custom_emojis
]
)
plug(RateLimiter, :password_reset when action == :password_reset)
@local_mastodon_name "Mastodon-Local"
action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
# Stubs for unimplemented mastodon api
#
def empty_array(conn, _) do
Logger.debug("Unimplemented, returning an empty array")
json(conn, [])
end
def empty_object(conn, _) do
Logger.debug("Unimplemented, returning an empty object")
json(conn, %{})
end
end
|
