statuses_controller.rb 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
  1. # frozen_string_literal: true
  2. class StatusesController < ApplicationController
  3. include StatusControllerConcern
  4. include SignatureAuthentication
  5. include Authorization
  6. include AccountOwnedConcern
  7. layout 'public'
  8. before_action :require_signature!, only: [:show, :activity], if: -> { request.format == :json && authorized_fetch_mode? }
  9. before_action :set_status
  10. before_action :set_instance_presenter
  11. before_action :set_link_headers
  12. before_action :redirect_to_original, only: :show
  13. before_action :set_referrer_policy_header, only: :show
  14. before_action :set_cache_headers
  15. before_action :set_body_classes
  16. skip_around_action :set_locale, if: -> { request.format == :json }
  17. skip_before_action :require_functional!, only: [:show, :embed], unless: :whitelist_mode?
  18. content_security_policy only: :embed do |p|
  19. p.frame_ancestors(false)
  20. end
  21. def show
  22. respond_to do |format|
  23. format.html do
  24. expires_in 10.seconds, public: true if current_account.nil?
  25. set_ancestors
  26. set_descendants
  27. end
  28. format.json do
  29. expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
  30. render_with_cache json: @status, content_type: 'application/activity+json', serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
  31. end
  32. end
  33. end
  34. def activity
  35. expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
  36. render_with_cache json: ActivityPub::ActivityPresenter.from_status(@status), content_type: 'application/activity+json', serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter
  37. end
  38. def embed
  39. return not_found if @status.hidden? || @status.reblog?
  40. expires_in 180, public: true
  41. response.headers['X-Frame-Options'] = 'ALLOWALL'
  42. render layout: 'embedded'
  43. end
  44. private
  45. def set_body_classes
  46. @body_classes = 'with-modals'
  47. end
  48. def set_link_headers
  49. response.headers['Link'] = LinkHeader.new([[ActivityPub::TagManager.instance.uri_for(@status), [%w(rel alternate), %w(type application/activity+json)]]])
  50. end
  51. def set_status
  52. @status = @account.statuses.find(params[:id])
  53. authorize @status, :show?
  54. rescue Mastodon::NotPermittedError
  55. not_found
  56. end
  57. def set_instance_presenter
  58. @instance_presenter = InstancePresenter.new
  59. end
  60. def redirect_to_original
  61. redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog?
  62. end
  63. def set_referrer_policy_header
  64. response.headers['Referrer-Policy'] = 'origin' unless @status.distributable?
  65. end
  66. end