statuses_controller.rb 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. # frozen_string_literal: true
  2. class Api::V1::StatusesController < Api::BaseController
  3. include Authorization
  4. before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
  5. before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only: [:create, :update, :destroy]
  6. before_action :require_user!, except: [:show, :context]
  7. before_action :set_status, only: [:show, :context]
  8. before_action :set_thread, only: [:create]
  9. override_rate_limit_headers :create, family: :statuses
  10. override_rate_limit_headers :update, family: :statuses
  11. # This API was originally unlimited, pagination cannot be introduced without
  12. # breaking backwards-compatibility. Arbitrarily high number to cover most
  13. # conversations as quasi-unlimited, it would be too much work to render more
  14. # than this anyway
  15. CONTEXT_LIMIT = 4_096
  16. # This remains expensive and we don't want to show everything to logged-out users
  17. ANCESTORS_LIMIT = 40
  18. DESCENDANTS_LIMIT = 60
  19. DESCENDANTS_DEPTH_LIMIT = 20
  20. def show
  21. cache_if_unauthenticated!
  22. @status = cache_collection([@status], Status).first
  23. render json: @status, serializer: REST::StatusSerializer
  24. end
  25. def context
  26. cache_if_unauthenticated!
  27. ancestors_limit = CONTEXT_LIMIT
  28. descendants_limit = CONTEXT_LIMIT
  29. descendants_depth_limit = nil
  30. if current_account.nil?
  31. ancestors_limit = ANCESTORS_LIMIT
  32. descendants_limit = DESCENDANTS_LIMIT
  33. descendants_depth_limit = DESCENDANTS_DEPTH_LIMIT
  34. end
  35. ancestors_results = @status.in_reply_to_id.nil? ? [] : @status.ancestors(ancestors_limit, current_account)
  36. descendants_results = @status.descendants(descendants_limit, current_account, descendants_depth_limit)
  37. loaded_ancestors = cache_collection(ancestors_results, Status)
  38. loaded_descendants = cache_collection(descendants_results, Status)
  39. @context = Context.new(ancestors: loaded_ancestors, descendants: loaded_descendants)
  40. statuses = [@status] + @context.ancestors + @context.descendants
  41. render json: @context, serializer: REST::ContextSerializer, relationships: StatusRelationshipsPresenter.new(statuses, current_user&.account_id)
  42. end
  43. def create
  44. @status = PostStatusService.new.call(
  45. current_user.account,
  46. text: status_params[:status],
  47. thread: @thread,
  48. media_ids: status_params[:media_ids],
  49. sensitive: status_params[:sensitive],
  50. spoiler_text: status_params[:spoiler_text],
  51. visibility: status_params[:visibility],
  52. language: status_params[:language],
  53. scheduled_at: status_params[:scheduled_at],
  54. application: doorkeeper_token.application,
  55. poll: status_params[:poll],
  56. allowed_mentions: status_params[:allowed_mentions],
  57. idempotency: request.headers['Idempotency-Key'],
  58. with_rate_limit: true
  59. )
  60. render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
  61. rescue PostStatusService::UnexpectedMentionsError => e
  62. unexpected_accounts = ActiveModel::Serializer::CollectionSerializer.new(
  63. e.accounts,
  64. serializer: REST::AccountSerializer
  65. )
  66. render json: { error: e.message, unexpected_accounts: unexpected_accounts }, status: 422
  67. end
  68. def update
  69. @status = Status.where(account: current_account).find(params[:id])
  70. authorize @status, :update?
  71. UpdateStatusService.new.call(
  72. @status,
  73. current_account.id,
  74. text: status_params[:status],
  75. media_ids: status_params[:media_ids],
  76. media_attributes: status_params[:media_attributes],
  77. sensitive: status_params[:sensitive],
  78. language: status_params[:language],
  79. spoiler_text: status_params[:spoiler_text],
  80. poll: status_params[:poll]
  81. )
  82. render json: @status, serializer: REST::StatusSerializer
  83. end
  84. def destroy
  85. @status = Status.where(account: current_account).find(params[:id])
  86. authorize @status, :destroy?
  87. @status.discard_with_reblogs
  88. StatusPin.find_by(status: @status)&.destroy
  89. @status.account.statuses_count = @status.account.statuses_count - 1
  90. json = render_to_body json: @status, serializer: REST::StatusSerializer, source_requested: true
  91. RemovalWorker.perform_async(@status.id, { 'redraft' => true })
  92. render json: json
  93. end
  94. private
  95. def set_status
  96. @status = Status.find(params[:id])
  97. authorize @status, :show?
  98. rescue Mastodon::NotPermittedError
  99. not_found
  100. end
  101. def set_thread
  102. @thread = Status.find(status_params[:in_reply_to_id]) if status_params[:in_reply_to_id].present?
  103. authorize(@thread, :show?) if @thread.present?
  104. rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
  105. render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  106. end
  107. def status_params
  108. params.permit(
  109. :status,
  110. :in_reply_to_id,
  111. :sensitive,
  112. :spoiler_text,
  113. :visibility,
  114. :language,
  115. :scheduled_at,
  116. allowed_mentions: [],
  117. media_ids: [],
  118. media_attributes: [
  119. :id,
  120. :thumbnail,
  121. :description,
  122. :focus,
  123. ],
  124. poll: [
  125. :multiple,
  126. :hide_totals,
  127. :expires_in,
  128. options: [],
  129. ]
  130. )
  131. end
  132. def pagination_params(core_params)
  133. params.slice(:limit).permit(:limit).merge(core_params)
  134. end
  135. end