lib/pleroma/web/twitter_api/controller.ex


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.TwitterAPI.Controller do
  use Pleroma.Web, :controller

  alias Pleroma.Notification
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.TwitterAPI.TokenView

  require Logger

  plug(
    OAuthScopesPlug,
    %{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
  )

  plug(
    :skip_plug,
    [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :confirm_email
  )

  plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])

  action_fallback(:errors)

  def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
    with %User{} = user <- User.get_cached_by_id(uid),
         true <- user.local and !user.is_confirmed and user.confirmation_token == token,
         {:ok, _} <- User.confirm(user) do
      redirect(conn, to: "/")
    end
  end

  def oauth_tokens(%{assigns: %{user: user}} = conn, _params) do
    with oauth_tokens <- Token.get_user_tokens(user) do
      conn
      |> put_view(TokenView)
      |> render("index.json", %{tokens: oauth_tokens})
    end
  end

  def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do
    Token.delete_user_token(user, id)

    json_reply(conn, 201, "")
  end

  defp errors(conn, {:param_cast, _}) do
    conn
    |> put_status(400)
    |> json("Invalid parameters")
  end

  defp errors(conn, _) do
    conn
    |> put_status(500)
    |> json("Something went wrong")
  end

  defp json_reply(conn, status, json) do
    conn
    |> put_resp_content_type("application/json")
    |> send_resp(status, json)
  end

  def mark_notifications_as_read(
        %{assigns: %{user: user}} = conn,
        %{"latest_id" => latest_id} = params
      ) do
    Notification.set_read_up_to(user, latest_id)

    notifications = Notification.for_user(user, params)

    conn
    # XXX: This is a hack because pleroma-fe still uses that API.
    |> put_view(Pleroma.Web.MastodonAPI.NotificationView)
    |> render("index.json", %{notifications: notifications, for: user})
  end

  def mark_notifications_as_read(%{assigns: %{user: _user}} = conn, _) do
    bad_request_reply(conn, "You need to specify latest_id")
  end

  defp bad_request_reply(conn, error_message) do
    json = error_json(conn, error_message)
    json_reply(conn, 400, json)
  end

  defp error_json(conn, error_message) do
    %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
  end
end