Home Explore Help
Sign In
RISCI_ATOM
/
mastodon
mirror of https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Files Issues 8 Wiki
Tree: d099cf67c0
Branches Tags
mastodon
/
app
/
controllers
/
api
/
base_controller.rb

base_controller.rb 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. class Api::BaseController < ApplicationController
    4. 

  4.   DEFAULT_STATUSES_LIMIT = 20
    5. 

  5.   DEFAULT_ACCOUNTS_LIMIT = 40
    6. 

  6. 

  7.   include Api::RateLimitHeaders
    8. 

  8.   include Api::AccessTokenTrackingConcern
    9. 

  9.   include Api::CachingConcern
    10. 

  10.   include Api::ContentSecurityPolicy
    11. 

  11. 

  12.   skip_before_action :require_functional!, unless: :limited_federation_mode?
    13. 

  13. 

  14.   before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
    15. 

  15.   before_action :require_not_suspended!
    16. 

  16. 

  17.   vary_by 'Authorization'
    18. 

  18. 

  19.   protect_from_forgery with: :null_session
    20. 

  20. 

  21.   rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
    22. 

  22.     render json: { error: e.to_s }, status: 422
    23. 

  23.   end
    24. 

  24. 

  25.   rescue_from ActiveRecord::RecordNotUnique do
    26. 

  26.     render json: { error: 'Duplicate record' }, status: 422
    27. 

  27.   end
    28. 

  28. 

  29.   rescue_from Date::Error do
    30. 

  30.     render json: { error: 'Invalid date supplied' }, status: 422
    31. 

  31.   end
    32. 

  32. 

  33.   rescue_from ActiveRecord::RecordNotFound do
    34. 

  34.     render json: { error: 'Record not found' }, status: 404
    35. 

  35.   end
    36. 

  36. 

  37.   rescue_from HTTP::Error, Mastodon::UnexpectedResponseError do
    38. 

  38.     render json: { error: 'Remote data could not be fetched' }, status: 503
    39. 

  39.   end
    40. 

  40. 

  41.   rescue_from OpenSSL::SSL::SSLError do
    42. 

  42.     render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
    43. 

  43.   end
    44. 

  44. 

  45.   rescue_from Mastodon::NotPermittedError do
    46. 

  46.     render json: { error: 'This action is not allowed' }, status: 403
    47. 

  47.   end
    48. 

  48. 

  49.   rescue_from Seahorse::Client::NetworkingError do |e|
    50. 

  50.     Rails.logger.warn "Storage server error: #{e}"
    51. 

  51.     render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
    52. 

  52.   end
    53. 

  53. 

  54.   rescue_from Mastodon::RaceConditionError, Stoplight::Error::RedLight do
    55. 

  55.     render json: { error: 'There was a temporary problem serving your request, please try again' }, status: 503
    56. 

  56.   end
    57. 

  57. 

  58.   rescue_from Mastodon::RateLimitExceededError do
    59. 

  59.     render json: { error: I18n.t('errors.429') }, status: 429
    60. 

  60.   end
    61. 

  61. 

  62.   rescue_from ActionController::ParameterMissing, Mastodon::InvalidParameterError do |e|
    63. 

  63.     render json: { error: e.to_s }, status: 400
    64. 

  64.   end
    65. 

  65. 

  66.   def doorkeeper_unauthorized_render_options(error: nil)
    67. 

  67.     { json: { error: error.try(:description) || 'Not authorized' } }
    68. 

  68.   end
    69. 

  69. 

  70.   def doorkeeper_forbidden_render_options(*)
    71. 

  71.     { json: { error: 'This action is outside the authorized scopes' } }
    72. 

  72.   end
    73. 

  73. 

  74.   protected
    75. 

  75. 

  76.   def set_pagination_headers(next_path = nil, prev_path = nil)
    77. 

  77.     links = []
    78. 

  78.     links << [next_path, [%w(rel next)]] if next_path
    79. 

  79.     links << [prev_path, [%w(rel prev)]] if prev_path
    80. 

  80.     response.headers['Link'] = LinkHeader.new(links) unless links.empty?
    81. 

  81.   end
    82. 

  82. 

  83.   def limit_param(default_limit)
    84. 

  84.     return default_limit unless params[:limit]
    85. 

  85. 

  86.     [params[:limit].to_i.abs, default_limit * 2].min
    87. 

  87.   end
    88. 

  88. 

  89.   def params_slice(*keys)
    90. 

  90.     params.slice(*keys).permit(*keys)
    91. 

  91.   end
    92. 

  92. 

  93.   def current_resource_owner
    94. 

  94.     @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
    95. 

  95.   end
    96. 

  96. 

  97.   def current_user
    98. 

  98.     current_resource_owner || super
    99. 

  99.   rescue ActiveRecord::RecordNotFound
    100. 

  100.     nil
    101. 

  101.   end
    102. 

  102. 

  103.   def require_authenticated_user!
    104. 

  104.     render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
    105. 

  105.   end
    106. 

  106. 

  107.   def require_not_suspended!
    108. 

  108.     render json: { error: 'Your login is currently disabled' }, status: 403 if current_user&.account&.unavailable?
    109. 

  109.   end
    110. 

  110. 

  111.   def require_user!
    112. 

  112.     if !current_user
    113. 

  113.       render json: { error: 'This method requires an authenticated user' }, status: 422
    114. 

  114.     elsif !current_user.confirmed?
    115. 

  115.       render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
    116. 

  116.     elsif !current_user.approved?
    117. 

  117.       render json: { error: 'Your login is currently pending approval' }, status: 403
    118. 

  118.     elsif !current_user.functional?
    119. 

  119.       render json: { error: 'Your login is currently disabled' }, status: 403
    120. 

  120.     else
    121. 

  121.       update_user_sign_in
    122. 

  122.     end
    123. 

  123.   end
    124. 

  124. 

  125.   def render_empty
    126. 

  126.     render json: {}, status: 200
    127. 

  127.   end
    128. 

  128. 

  129.   def authorize_if_got_token!(*scopes)
    130. 

  130.     doorkeeper_authorize!(*scopes) if doorkeeper_token
    131. 

  131.   end
    132. 

  132. 

  133.   def disallow_unauthenticated_api_access?
    134. 

  134.     ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.limited_federation_mode
    135. 

  135.   end
    136. 

  136. 

  137.   private
    138. 

  138. 

  139.   def respond_with_error(code)
    140. 

  140.     render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code
    141. 

  141.   end
    142. 

  142. end
    143.