commit
a8ca030d85
@ -0,0 +1,15 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Maps do
|
||||
def put_if_present(map, key, value, value_function \\ &{:ok, &1}) when is_map(map) do
|
||||
with false <- is_nil(key),
|
||||
false <- is_nil(value),
|
||||
{:ok, new_value} <- value_function.(value) do
|
||||
Map.put(map, key, new_value)
|
||||
else
|
||||
_ -> map
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,152 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.ConfigController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.ConfigDB
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
|
||||
@descriptions Pleroma.Docs.JSON.compile()
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action == :update)
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["read"], admin: true}
|
||||
when action in [:show, :descriptions]
|
||||
)
|
||||
|
||||
action_fallback(Pleroma.Web.AdminAPI.FallbackController)
|
||||
|
||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ConfigOperation
|
||||
|
||||
def descriptions(conn, _params) do
|
||||
descriptions = Enum.filter(@descriptions, &whitelisted_config?/1)
|
||||
|
||||
json(conn, descriptions)
|
||||
end
|
||||
|
||||
def show(conn, %{only_db: true}) do
|
||||
with :ok <- configurable_from_database() do
|
||||
configs = Pleroma.Repo.all(ConfigDB)
|
||||
render(conn, "index.json", %{configs: configs})
|
||||
end
|
||||
end
|
||||
|
||||
def show(conn, _params) do
|
||||
with :ok <- configurable_from_database() do
|
||||
configs = ConfigDB.get_all_as_keyword()
|
||||
|
||||
merged =
|
||||
Config.Holder.default_config()
|
||||
|> ConfigDB.merge(configs)
|
||||
|> Enum.map(fn {group, values} ->
|
||||
Enum.map(values, fn {key, value} ->
|
||||
db =
|
||||
if configs[group][key] do
|
||||
ConfigDB.get_db_keys(configs[group][key], key)
|
||||
end
|
||||
|
||||
db_value = configs[group][key]
|
||||
|
||||
merged_value =
|
||||
if not is_nil(db_value) and Keyword.keyword?(db_value) and
|
||||
ConfigDB.sub_key_full_update?(group, key, Keyword.keys(db_value)) do
|
||||
ConfigDB.merge_group(group, key, value, db_value)
|
||||
else
|
||||
value
|
||||
end
|
||||
|
||||
%{
|
||||
group: ConfigDB.convert(group),
|
||||
key: ConfigDB.convert(key),
|
||||
value: ConfigDB.convert(merged_value)
|
||||
}
|
||||
|> Pleroma.Maps.put_if_present(:db, db)
|
||||
end)
|
||||
end)
|
||||
|> List.flatten()
|
||||
|
||||
json(conn, %{configs: merged, need_reboot: Restarter.Pleroma.need_reboot?()})
|
||||
end
|
||||
end
|
||||
|
||||
def update(%{body_params: %{configs: configs}} = conn, _) do
|
||||
with :ok <- configurable_from_database() do
|
||||
results =
|
||||
configs
|
||||
|> Enum.filter(&whitelisted_config?/1)
|
||||
|> Enum.map(fn
|
||||
%{group: group, key: key, delete: true} = params ->
|
||||
ConfigDB.delete(%{group: group, key: key, subkeys: params[:subkeys]})
|
||||
|
||||
%{group: group, key: key, value: value} ->
|
||||
ConfigDB.update_or_create(%{group: group, key: key, value: value})
|
||||
end)
|
||||
|> Enum.reject(fn {result, _} -> result == :error end)
|
||||
|
||||
{deleted, updated} =
|
||||
results
|
||||
|> Enum.map(fn {:ok, config} ->
|
||||
Map.put(config, :db, ConfigDB.get_db_keys(config))
|
||||
end)
|
||||
|> Enum.split_with(fn config ->
|
||||
Ecto.get_meta(config, :state) == :deleted
|
||||
end)
|
||||
|
||||
Config.TransferTask.load_and_update_env(deleted, false)
|
||||
|
||||
if not Restarter.Pleroma.need_reboot?() do
|
||||
changed_reboot_settings? =
|
||||
(updated ++ deleted)
|
||||
|> Enum.any?(fn config ->
|
||||
group = ConfigDB.from_string(config.group)
|
||||
key = ConfigDB.from_string(config.key)
|
||||
value = ConfigDB.from_binary(config.value)
|
||||
Config.TransferTask.pleroma_need_restart?(group, key, value)
|
||||
end)
|
||||
|
||||
if changed_reboot_settings?, do: Restarter.Pleroma.need_reboot()
|
||||
end
|
||||
|
||||
render(conn, "index.json", %{
|
||||
configs: updated,
|
||||
need_reboot: Restarter.Pleroma.need_reboot?()
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
defp configurable_from_database do
|
||||
if Config.get(:configurable_from_database) do
|
||||
:ok
|
||||
else
|
||||
{:error, "To use this endpoint you need to enable configuration from database."}
|
||||
end
|
||||
end
|
||||
|
||||
defp whitelisted_config?(group, key) do
|
||||
if whitelisted_configs = Config.get(:database_config_whitelist) do
|
||||
Enum.any?(whitelisted_configs, fn
|
||||
{whitelisted_group} ->
|
||||
group == inspect(whitelisted_group)
|
||||
|
||||
{whitelisted_group, whitelisted_key} ->
|
||||
group == inspect(whitelisted_group) && key == inspect(whitelisted_key)
|
||||
end)
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
|
||||
defp whitelisted_config?(%{group: group, key: key}) do
|
||||
whitelisted_config?(group, key)
|
||||
end
|
||||
|
||||
defp whitelisted_config?(%{group: group} = config) do
|
||||
whitelisted_config?(group, config[:key])
|
||||
end
|
||||
end
|
@ -0,0 +1,78 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.InviteController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.UserInviteToken
|
||||
|
||||
require Logger
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
plug(OAuthScopesPlug, %{scopes: ["read:invites"], admin: true} when action == :index)
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["write:invites"], admin: true} when action in [:create, :revoke, :email]
|
||||
)
|
||||
|
||||
action_fallback(Pleroma.Web.AdminAPI.FallbackController)
|
||||
|
||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.InviteOperation
|
||||
|
||||
@doc "Get list of created invites"
|
||||
def index(conn, _params) do
|
||||
invites = UserInviteToken.list_invites()
|
||||
|
||||
render(conn, "index.json", invites: invites)
|
||||
end
|
||||
|
||||
@doc "Create an account registration invite token"
|
||||
def create(%{body_params: params} = conn, _) do
|
||||
{:ok, invite} = UserInviteToken.create_invite(params)
|
||||
|
||||
render(conn, "show.json", invite: invite)
|
||||
end
|
||||
|
||||
@doc "Revokes invite by token"
|
||||
def revoke(%{body_params: %{token: token}} = conn, _) do
|
||||
with {:ok, invite} <- UserInviteToken.find_by_token(token),
|
||||
{:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true}) do
|
||||
render(conn, "show.json", invite: updated_invite)
|
||||
else
|
||||
nil -> {:error, :not_found}
|
||||
error -> error
|
||||
end
|
||||
end
|
||||
|
||||
@doc "Sends registration invite via email"
|
||||
def email(%{assigns: %{user: user}, body_params: %{email: email} = params} = conn, _) do
|
||||
with {_, false} <- {:registrations_open, Config.get([:instance, :registrations_open])},
|
||||
{_, true} <- {:invites_enabled, Config.get([:instance, :invites_enabled])},
|
||||
{:ok, invite_token} <- UserInviteToken.create_invite(),
|
||||
{:ok, _} <-
|
||||
user
|
||||
|> Pleroma.Emails.UserEmail.user_invitation_email(
|
||||
invite_token,
|
||||
email,
|
||||
params[:name]
|
||||
)
|
||||
|> Pleroma.Emails.Mailer.deliver() do
|
||||
json_response(conn, :no_content, "")
|
||||
else
|
||||
{:registrations_open, _} ->
|
||||
{:error, "To send invites you need to set the `registrations_open` option to false."}
|
||||
|
||||
{:invites_enabled, _} ->
|
||||
{:error, "To send invites you need to set the `invites_enabled` option to true."}
|
||||
|
||||
{:error, error} ->
|
||||
{:error, error}
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,77 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.OAuthAppController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.Web.OAuth.App
|
||||
|
||||
require Logger
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
plug(:put_view, Pleroma.Web.MastodonAPI.AppView)
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["write"], admin: true}
|
||||
when action in [:create, :index, :update, :delete]
|
||||
)
|
||||
|
||||
action_fallback(Pleroma.Web.AdminAPI.FallbackController)
|
||||
|
||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.OAuthAppOperation
|
||||
|
||||
def index(conn, params) do
|
||||
search_params =
|
||||
params
|
||||
|> Map.take([:client_id, :page, :page_size, :trusted])
|
||||
|> Map.put(:client_name, params[:name])
|
||||
|
||||
with {:ok, apps, count} <- App.search(search_params) do
|
||||
render(conn, "index.json",
|
||||
apps: apps,
|
||||
count: count,
|
||||
page_size: params.page_size,
|
||||
admin: true
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
def create(%{body_params: params} = conn, _) do
|
||||
params = Pleroma.Maps.put_if_present(params, :client_name, params[:name])
|
||||
|
||||
case App.create(params) do
|
||||
{:ok, app} ->
|
||||
render(conn, "show.json", app: app, admin: true)
|
||||
|
||||
{:error, changeset} ->
|
||||
json(conn, App.errors(changeset))
|
||||
end
|
||||
end
|
||||
|
||||
def update(%{body_params: params} = conn, %{id: id}) do
|
||||
params = Pleroma.Maps.put_if_present(params, :client_name, params[:name])
|
||||
|
||||
with {:ok, app} <- App.update(id, params) do
|
||||
render(conn, "show.json", app: app, admin: true)
|
||||
else
|
||||
{:error, changeset} ->
|
||||
json(conn, App.errors(changeset))
|
||||
|
||||
nil ->
|
||||
json_response(conn, :bad_request, "")
|
||||
end
|
||||
end
|
||||
|
||||
def delete(conn, params) do
|
||||
with {:ok, _app} <- App.destroy(params.id) do
|
||||
json_response(conn, :no_content, "")
|
||||
else
|
||||
_ -> json_response(conn, :bad_request, "")
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,107 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.ReportController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
import Pleroma.Web.ControllerHelper, only: [json_response: 3]
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.ModerationLog
|
||||
alias Pleroma.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.ReportNote
|
||||
alias Pleroma.Web.ActivityPub.Utils
|
||||
alias Pleroma.Web.AdminAPI
|
||||
alias Pleroma.Web.AdminAPI.Report
|
||||
alias Pleroma.Web.CommonAPI
|
||||
|
||||
require Logger
|
||||
|
||||
plug(Pleroma.Web.ApiSpec.CastAndValidate)
|
||||
plug(OAuthScopesPlug, %{scopes: ["read:reports"], admin: true} when action in [:index, :show])
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["write:reports"], admin: true}
|
||||
when action in [:update, :notes_create, :notes_delete]
|
||||
)
|
||||
|
||||
action_fallback(AdminAPI.FallbackController)
|
||||
|
||||
defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ReportOperation
|
||||
|
||||
def index(conn, params) do
|
||||
reports = Utils.get_reports(params, params.page, params.page_size)
|
||||
|
||||
render(conn, "index.json", reports: reports)
|
||||
end
|
||||
|
||||
def show(conn, %{id: id}) do
|
||||
with %Activity{} = report <- Activity.get_by_id(id) do
|
||||
render(conn, "show.json", Report.extract_report_info(report))
|
||||
else
|
||||
_ -> {:error, :not_found}
|
||||
end
|
||||
end
|
||||
|
||||
def update(%{assigns: %{user: admin}, body_params: %{reports: reports}} = conn, _) do
|
||||
result =
|
||||
Enum.map(reports, fn report ->
|
||||
case CommonAPI.update_report_state(report.id, report.state) do
|
||||
{:ok, activity} ->
|
||||
ModerationLog.insert_log(%{
|
||||
action: "report_update",
|
||||
actor: admin,
|
||||
subject: activity
|
||||
})
|
||||
|
||||
activity
|
||||
|
||||
{:error, message} ->
|
||||
%{id: report.id, error: message}
|
||||
end
|
||||
end)
|
||||
|
||||
if Enum.any?(result, &Map.has_key?(&1, :error)) do
|
||||
json_response(conn, :bad_request, result)
|
||||
else
|
||||
json_response(conn, :no_content, "")
|
||||
end
|
||||
end
|
||||
|
||||
def notes_create(%{assigns: %{user: user}, body_params: %{content: content}} = conn, %{
|
||||
id: report_id
|
||||
}) do
|
||||
with {:ok, _} <- ReportNote.create(user.id, report_id, content) do
|
||||
ModerationLog.insert_log(%{
|
||||
action: "report_note",
|
||||
actor: user,
|
||||
subject: Activity.get_by_id(report_id),
|
||||
text: content
|
||||
})
|
||||
|
||||
json_response(conn, :no_content, "")
|
||||
else
|
||||
_ -> json_response(conn, :bad_request, "")
|
||||
end
|
||||
end
|
||||
|
||||
def notes_delete(%{assigns: %{user: user}} = conn, %{
|
||||
id: note_id,
|
||||
report_id: report_id
|
||||
}) do
|
||||
with {:ok, note} <- ReportNote.destroy(note_id) do
|
||||
ModerationLog.insert_log(%{
|
||||
action: "report_note_delete",
|
||||
actor: user,
|
||||
subject: Activity.get_by_id(report_id),
|
||||
text: note.content
|
||||
})
|
||||
|
||||
json_response(conn, :no_content, "")
|
||||
else
|
||||
_ -> json_response(conn, :bad_request, "")
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,25 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.InviteView do
|
||||
use Pleroma.Web, :view
|
||||
|
||||
def render("index.json", %{invites: invites}) do
|
||||
%{
|
||||
invites: render_many(invites, __MODULE__, "show.json", as: :invite)
|
||||
}
|
||||
end
|
||||
|
||||
def render("show.json", %{invite: invite}) do
|
||||
%{
|
||||
"id" => invite.id,
|
||||
"token" => invite.token,
|
||||
"used" => invite.used,
|
||||
"expires_at" => invite.expires_at,
|
||||
"uses" => invite.uses,
|
||||
"max_use" => invite.max_use,
|
||||
"invite_type" => invite.invite_type
|
||||
}
|
||||
end
|
||||
end
|
@ -0,0 +1,142 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ApiSpec.Admin.ConfigOperation do
|
||||
alias OpenApiSpex.Operation
|
||||
alias OpenApiSpex.Schema
|
||||
alias Pleroma.Web.ApiSpec.Schemas.ApiError
|
||||
|
||||
import Pleroma.Web.ApiSpec.Helpers
|
||||
|
||||
def open_api_operation(action) do
|
||||
operation = String.to_existing_atom("#{action}_operation")
|
||||
apply(__MODULE__, operation, [])
|
||||
end
|
||||
|
||||
def show_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Config"],
|
||||
summary: "Get list of merged default settings with saved in database",
|
||||
operationId: "AdminAPI.ConfigController.show",
|
||||
parameters: [
|
||||
Operation.parameter(
|
||||
:only_db,
|
||||
:query,
|
||||
%Schema{type: :boolean, default: false},
|
||||
"Get only saved in database settings"
|
||||
)
|
||||
],
|
||||
security: [%{"oAuth" => ["read"]}],
|
||||
responses: %{
|
||||
200 => Operation.response("Config", "application/json", config_response()),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def update_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Config"],
|
||||
summary: "Update config settings",
|
||||
operationId: "AdminAPI.ConfigController.update",
|
||||
security: [%{"oAuth" => ["write"]}],
|
||||
requestBody:
|
||||
request_body("Parameters", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
configs: %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
group: %Schema{type: :string},
|
||||
key: %Schema{type: :string},
|
||||
value: any(),
|
||||
delete: %Schema{type: :boolean},
|
||||
subkeys: %Schema{type: :array, items: %Schema{type: :string}}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}),
|
||||
responses: %{
|
||||
200 => Operation.response("Config", "application/json", config_response()),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def descriptions_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Config"],
|
||||
summary: "Get JSON with config descriptions.",
|
||||
operationId: "AdminAPI.ConfigController.descriptions",
|
||||
security: [%{"oAuth" => ["read"]}],
|
||||
responses: %{
|
||||
200 =>
|
||||
Operation.response("Config Descriptions", "application/json", %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
group: %Schema{type: :string},
|
||||
key: %Schema{type: :string},
|
||||
type: %Schema{oneOf: [%Schema{type: :string}, %Schema{type: :array}]},
|
||||
description: %Schema{type: :string},
|
||||
children: %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
key: %Schema{type: :string},
|
||||
type: %Schema{oneOf: [%Schema{type: :string}, %Schema{type: :array}]},
|
||||
description: %Schema{type: :string},
|
||||
suggestions: %Schema{type: :array}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp any do
|
||||
%Schema{
|
||||
oneOf: [
|
||||
%Schema{type: :array},
|
||||
%Schema{type: :object},
|
||||
%Schema{type: :string},
|
||||
%Schema{type: :integer},
|
||||
%Schema{type: :boolean}
|
||||
]
|
||||
}
|
||||
end
|
||||
|
||||
defp config_response do
|
||||
%Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
configs: %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
group: %Schema{type: :string},
|
||||
key: %Schema{type: :string},
|
||||
value: any()
|
||||
}
|
||||
}
|
||||
},
|
||||
need_reboot: %Schema{
|
||||
type: :boolean,
|
||||
description:
|
||||
"If `need_reboot` is `true`, instance must be restarted, so reboot time settings can take effect"
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
@ -0,0 +1,148 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ApiSpec.Admin.InviteOperation do
|
||||
alias OpenApiSpex.Operation
|
||||
alias OpenApiSpex.Schema
|
||||
alias Pleroma.Web.ApiSpec.Schemas.ApiError
|
||||
|
||||
import Pleroma.Web.ApiSpec.Helpers
|
||||
|
||||
def open_api_operation(action) do
|
||||
operation = String.to_existing_atom("#{action}_operation")
|
||||
apply(__MODULE__, operation, [])
|
||||
end
|
||||
|
||||
def index_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Invites"],
|
||||
summary: "Get a list of generated invites",
|
||||
operationId: "AdminAPI.InviteController.index",
|
||||
security: [%{"oAuth" => ["read:invites"]}],
|
||||
responses: %{
|
||||
200 =>
|
||||
Operation.response("Invites", "application/json", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
invites: %Schema{type: :array, items: invite()}
|
||||
},
|
||||
example: %{
|
||||
"invites" => [
|
||||
%{
|
||||
"id" => 123,
|
||||
"token" => "kSQtDj_GNy2NZsL9AQDFIsHN5qdbguB6qRg3WHw6K1U=",
|
||||
"used" => true,
|
||||
"expires_at" => nil,
|
||||
"uses" => 0,
|
||||
"max_use" => nil,
|
||||
"invite_type" => "one_time"
|
||||
}
|
||||
]
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def create_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Invites"],
|
||||
summary: "Create an account registration invite token",
|
||||
operationId: "AdminAPI.InviteController.create",
|
||||
security: [%{"oAuth" => ["write:invites"]}],
|
||||
requestBody:
|
||||
request_body("Parameters", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
max_use: %Schema{type: :integer},
|
||||
expires_at: %Schema{type: :string, format: :date, example: "2020-04-20"}
|
||||
}
|
||||
}),
|
||||
responses: %{
|
||||
200 => Operation.response("Invite", "application/json", invite())
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def revoke_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Invites"],
|
||||
summary: "Revoke invite by token",
|
||||
operationId: "AdminAPI.InviteController.revoke",
|
||||
security: [%{"oAuth" => ["write:invites"]}],
|
||||
requestBody:
|
||||
request_body(
|
||||
"Parameters",
|
||||
%Schema{
|
||||
type: :object,
|
||||
required: [:token],
|
||||
properties: %{
|
||||
token: %Schema{type: :string}
|
||||
}
|
||||
},
|
||||
required: true
|
||||
),
|
||||
responses: %{
|
||||
200 => Operation.response("Invite", "application/json", invite()),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError),
|
||||
404 => Operation.response("Not Found", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def email_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Invites"],
|
||||
summary: "Sends registration invite via email",
|
||||
operationId: "AdminAPI.InviteController.email",
|
||||
security: [%{"oAuth" => ["write:invites"]}],
|
||||
requestBody:
|
||||
request_body(
|
||||
"Parameters",
|
||||
%Schema{
|
||||
type: :object,
|
||||
required: [:email],
|
||||
properties: %{
|
||||
email: %Schema{type: :string, format: :email},
|
||||
name: %Schema{type: :string}
|
||||
}
|
||||
},
|
||||
required: true
|
||||
),
|
||||
responses: %{
|
||||
204 => no_content_response(),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError),
|
||||
403 => Operation.response("Forbidden", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp invite do
|
||||
%Schema{
|
||||
title: "Invite",
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: %Schema{type: :integer},
|
||||
token: %Schema{type: :string},
|
||||
used: %Schema{type: :boolean},
|
||||
expires_at: %Schema{type: :string, format: :date, nullable: true},
|
||||
uses: %Schema{type: :integer},
|
||||
max_use: %Schema{type: :integer, nullable: true},
|
||||
invite_type: %Schema{
|
||||
type: :string,
|
||||
enum: ["one_time", "reusable", "date_limited", "reusable_date_limited"]
|
||||
}
|
||||
},
|
||||
example: %{
|
||||
"id" => 123,
|
||||
"token" => "kSQtDj_GNy2NZsL9AQDFIsHN5qdbguB6qRg3WHw6K1U=",
|
||||
"used" => true,
|
||||
"expires_at" => nil,
|
||||
"uses" => 0,
|
||||
"max_use" => nil,
|
||||
"invite_type" => "one_time"
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
@ -0,0 +1,215 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ApiSpec.Admin.OAuthAppOperation do
|
||||
alias OpenApiSpex.Operation
|
||||
alias OpenApiSpex.Schema
|
||||
alias Pleroma.Web.ApiSpec.Schemas.ApiError
|
||||
|
||||
import Pleroma.Web.ApiSpec.Helpers
|
||||
|
||||
def open_api_operation(action) do
|
||||
operation = String.to_existing_atom("#{action}_operation")
|
||||
apply(__MODULE__, operation, [])
|
||||
end
|
||||
|
||||
def index_operation do
|
||||
%Operation{
|
||||
summary: "List OAuth apps",
|
||||
tags: ["Admin", "oAuth Apps"],
|
||||
operationId: "AdminAPI.OAuthAppController.index",
|
||||
security: [%{"oAuth" => ["write"]}],
|
||||
parameters: [
|
||||
Operation.parameter(:name, :query, %Schema{type: :string}, "App name"),
|
||||
Operation.parameter(:client_id, :query, %Schema{type: :string}, "Client ID"),
|
||||
Operation.parameter(:page, :query, %Schema{type: :integer, default: 1}, "Page"),
|
||||
Operation.parameter(
|
||||
:trusted,
|
||||
:query,
|
||||
%Schema{type: :boolean, default: false},
|
||||
"Trusted apps"
|
||||
),
|
||||
Operation.parameter(
|
||||
:page_size,
|
||||
:query,
|
||||
%Schema{type: :integer, default: 50},
|
||||
"Number of apps to return"
|
||||
)
|
||||
],
|
||||
responses: %{
|
||||
200 =>
|
||||
Operation.response("List of apps", "application/json", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
apps: %Schema{type: :array, items: oauth_app()},
|
||||
count: %Schema{type: :integer},
|
||||
page_size: %Schema{type: :integer}
|
||||
},
|
||||
example: %{
|
||||
"apps" => [
|
||||
%{
|
||||
"id" => 1,
|
||||
"name" => "App name",
|
||||
"client_id" => "yHoDSiWYp5mPV6AfsaVOWjdOyt5PhWRiafi6MRd1lSk",
|
||||
"client_secret" => "nLmis486Vqrv2o65eM9mLQx_m_4gH-Q6PcDpGIMl6FY",
|
||||
"redirect_uri" => "https://example.com/oauth-callback",
|
||||
"website" => "https://example.com",
|
||||
"trusted" => true
|
||||
}
|
||||
],
|
||||
"count" => 1,
|
||||
"page_size" => 50
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def create_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "oAuth Apps"],
|
||||
summary: "Create OAuth App",
|
||||
operationId: "AdminAPI.OAuthAppController.create",
|
||||
requestBody: request_body("Parameters", create_request()),
|
||||
security: [%{"oAuth" => ["write"]}],
|
||||
responses: %{
|
||||
200 => Operation.response("App", "application/json", oauth_app()),
|
||||
400 => Operation.response("Bad Request", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def update_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "oAuth Apps"],
|
||||
summary: "Update OAuth App",
|
||||
operationId: "AdminAPI.OAuthAppController.update",
|
||||
parameters: [id_param()],
|
||||
security: [%{"oAuth" => ["write"]}],
|
||||
requestBody: request_body("Parameters", update_request()),
|
||||
responses: %{
|
||||
200 => Operation.response("App", "application/json", oauth_app()),
|
||||
400 =>
|
||||
Operation.response("Bad Request", "application/json", %Schema{
|
||||
oneOf: [ApiError, %Schema{type: :string}]
|
||||
})
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def delete_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "oAuth Apps"],
|
||||
summary: "Delete OAuth App",
|
||||
operationId: "AdminAPI.OAuthAppController.delete",
|
||||
parameters: [id_param()],
|
||||
security: [%{"oAuth" => ["write"]}],
|
||||
responses: %{
|
||||
204 => no_content_response(),
|
||||
400 => no_content_response()
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp create_request do
|
||||
%Schema{
|
||||
title: "oAuthAppCreateRequest",
|
||||
type: :object,
|
||||
required: [:name, :redirect_uris],
|
||||
properties: %{
|
||||
name: %Schema{type: :string, description: "Application Name"},
|
||||
scopes: %Schema{type: :array, items: %Schema{type: :string}, description: "oAuth scopes"},
|
||||
redirect_uris: %Schema{
|
||||
type: :string,
|
||||
description:
|
||||
"Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter."
|
||||
},
|
||||
website: %Schema{
|
||||
type: :string,
|
||||
nullable: true,
|
||||
description: "A URL to the homepage of the app"
|
||||
},
|
||||
trusted: %Schema{
|
||||
type: :boolean,
|
||||
nullable: true,
|
||||
default: false,
|
||||
description: "Is the app trusted?"
|
||||
}
|
||||
},
|
||||
example: %{
|
||||
"name" => "My App",
|
||||
"redirect_uris" => "https://myapp.com/auth/callback",
|
||||
"website" => "https://myapp.com/",
|
||||
"scopes" => ["read", "write"],
|
||||
"trusted" => true
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp update_request do
|
||||
%Schema{
|
||||
title: "oAuthAppUpdateRequest",
|
||||
type: :object,
|
||||
properties: %{
|
||||
name: %Schema{type: :string, description: "Application Name"},
|
||||
scopes: %Schema{type: :array, items: %Schema{type: :string}, description: "oAuth scopes"},
|
||||
redirect_uris: %Schema{
|
||||
type: :string,
|
||||
description:
|
||||
"Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter."
|
||||
},
|
||||
website: %Schema{
|
||||
type: :string,
|
||||
nullable: true,
|
||||
description: "A URL to the homepage of the app"
|
||||
},
|
||||
trusted: %Schema{
|
||||
type: :boolean,
|
||||
nullable: true,
|
||||
default: false,
|
||||
description: "Is the app trusted?"
|
||||
}
|
||||
},
|
||||
example: %{
|
||||
"name" => "My App",
|
||||
"redirect_uris" => "https://myapp.com/auth/callback",
|
||||
"website" => "https://myapp.com/",
|
||||
"scopes" => ["read", "write"],
|
||||
"trusted" => true
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp oauth_app do
|
||||
%Schema{
|
||||
title: "oAuthApp",
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: %Schema{type: :integer},
|
||||
name: %Schema{type: :string},
|
||||
client_id: %Schema{type: :string},
|
||||
client_secret: %Schema{type: :string},
|
||||
redirect_uri: %Schema{type: :string},
|
||||
website: %Schema{type: :string, nullable: true},
|
||||
trusted: %Schema{type: :boolean}
|
||||
},
|
||||
example: %{
|
||||
"id" => 123,
|
||||
"name" => "My App",
|
||||
"client_id" => "TWhM-tNSuncnqN7DBJmoyeLnk6K3iJJ71KKXxgL1hPM",
|
||||
"client_secret" => "ZEaFUFmF0umgBX1qKJDjaU99Q31lDkOU8NutzTOoliw",
|
||||
"redirect_uri" => "https://myapp.com/oauth-callback",
|
||||
"website" => "https://myapp.com/",
|
||||
"trusted" => false
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def id_param do
|
||||
Operation.parameter(:id, :path, :integer, "App ID",
|
||||
example: 1337,
|
||||
required: true
|
||||
)
|
||||
end
|
||||
end
|
@ -0,0 +1,237 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ApiSpec.Admin.ReportOperation do
|
||||
alias OpenApiSpex.Operation
|
||||
alias OpenApiSpex.Schema
|
||||
alias Pleroma.Web.ApiSpec.Schemas.Account
|
||||
alias Pleroma.Web.ApiSpec.Schemas.ApiError
|
||||
alias Pleroma.Web.ApiSpec.Schemas.FlakeID
|
||||
alias Pleroma.Web.ApiSpec.Schemas.Status
|
||||
|
||||
import Pleroma.Web.ApiSpec.Helpers
|
||||
|
||||
def open_api_operation(action) do
|
||||
operation = String.to_existing_atom("#{action}_operation")
|
||||
apply(__MODULE__, operation, [])
|
||||
end
|
||||
|
||||
def index_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Reports"],
|
||||
summary: "Get a list of reports",
|
||||
operationId: "AdminAPI.ReportController.index",
|
||||
security: [%{"oAuth" => ["read:reports"]}],
|
||||
parameters: [
|
||||
Operation.parameter(
|
||||
:state,
|
||||
:query,
|
||||
report_state(),
|
||||
"Filter by report state"
|
||||
),
|
||||
Operation.parameter(
|
||||
:limit,
|
||||
:query,
|
||||
%Schema{type: :integer},
|
||||
"The number of records to retrieve"
|
||||
),
|
||||
Operation.parameter(
|
||||
:page,
|
||||
:query,
|
||||
%Schema{type: :integer, default: 1},
|
||||
"Page number"
|
||||
),
|
||||
Operation.parameter(
|
||||
:page_size,
|
||||
:query,
|
||||
%Schema{type: :integer, default: 50},
|
||||
"Number number of log entries per page"
|
||||
)
|
||||
],
|
||||
responses: %{
|
||||
200 =>
|
||||
Operation.response("Response", "application/json", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
total: %Schema{type: :integer},
|
||||
reports: %Schema{
|
||||
type: :array,
|
||||
items: report()
|
||||
}
|
||||
}
|
||||
}),
|
||||
403 => Operation.response("Forbidden", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def show_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Reports"],
|
||||
summary: "Get an individual report",
|
||||
operationId: "AdminAPI.ReportController.show",
|
||||
parameters: [id_param()],
|
||||
security: [%{"oAuth" => ["read:reports"]}],
|
||||
responses: %{
|
||||
200 => Operation.response("Report", "application/json", report()),
|
||||
404 => Operation.response("Not Found", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def update_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Reports"],
|
||||
summary: "Change the state of one or multiple reports",
|
||||
operationId: "AdminAPI.ReportController.update",
|
||||
security: [%{"oAuth" => ["write:reports"]}],
|
||||
requestBody: request_body("Parameters", update_request(), required: true),
|
||||
responses: %{
|
||||
204 => no_content_response(),
|
||||
400 => Operation.response("Bad Request", "application/json", update_400_response()),
|
||||
403 => Operation.response("Forbidden", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def notes_create_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Reports"],
|
||||
summary: "Create report note",
|
||||
operationId: "AdminAPI.ReportController.notes_create",
|
||||
parameters: [id_param()],
|
||||
requestBody:
|
||||
request_body("Parameters", %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
content: %Schema{type: :string, description: "The message"}
|
||||
}
|
||||
}),
|
||||
security: [%{"oAuth" => ["write:reports"]}],
|
||||
responses: %{
|
||||
204 => no_content_response(),
|
||||
404 => Operation.response("Not Found", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
def notes_delete_operation do
|
||||
%Operation{
|
||||
tags: ["Admin", "Reports"],
|
||||
summary: "Delete report note",
|
||||
operationId: "AdminAPI.ReportController.notes_delete",
|
||||
parameters: [
|
||||
Operation.parameter(:report_id, :path, :string, "Report ID"),
|
||||
Operation.parameter(:id, :path, :string, "Note ID")
|
||||
],
|
||||
security: [%{"oAuth" => ["write:reports"]}],
|
||||
responses: %{
|
||||
204 => no_content_response(),
|
||||
404 => Operation.response("Not Found", "application/json", ApiError)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp report_state do
|
||||
%Schema{type: :string, enum: ["open", "closed", "resolved"]}
|
||||
end
|
||||
|
||||
defp id_param do
|
||||
Operation.parameter(:id, :path, FlakeID, "Report ID",
|
||||
example: "9umDrYheeY451cQnEe",
|
||||
required: true
|
||||
)
|
||||
end
|
||||
|
||||
defp report do
|
||||
%Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: FlakeID,
|
||||
state: report_state(),
|
||||
account: account_admin(),
|
||||
actor: account_admin(),
|
||||
content: %Schema{type: :string},
|
||||
created_at: %Schema{type: :string, format: :"date-time"},
|
||||
statuses: %Schema{type: :array, items: Status},
|
||||
notes: %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: %Schema{type: :integer},
|
||||
user_id: FlakeID,
|
||||
content: %Schema{type: :string},
|
||||
inserted_at: %Schema{type: :string, format: :"date-time"}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp account_admin do
|
||||
%Schema{
|
||||
title: "Account",
|
||||
description: "Account view for admins",
|
||||
type: :object,
|
||||
properties:
|
||||
Map.merge(Account.schema().properties, %{
|
||||
nickname: %Schema{type: :string},
|
||||
deactivated: %Schema{type: :boolean},
|
||||
local: %Schema{type: :boolean},
|
||||
roles: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
admin: %Schema{type: :boolean},
|
||||
moderator: %Schema{type: :boolean}
|
||||
}
|
||||
},
|
||||
confirmation_pending: %Schema{type: :boolean}
|
||||
})
|
||||
}
|
||||
end
|
||||
|
||||
defp update_request do
|
||||
%Schema{
|
||||
type: :object,
|
||||
required: [:reports],
|
||||
properties: %{
|
||||
reports: %Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: %Schema{allOf: [FlakeID], description: "Required, report ID"},
|
||||
state: %Schema{
|
||||
type: :string,
|
||||
description:
|
||||
"Required, the new state. Valid values are `open`, `closed` and `resolved`"
|
||||
}
|
||||
}
|
||||
},
|
||||
example: %{
|
||||
"reports" => [
|
||||
%{"id" => "123", "state" => "closed"},
|
||||
%{"id" => "1337", "state" => "resolved"}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
defp update_400_response do
|
||||
%Schema{
|
||||
type: :array,
|
||||
items: %Schema{
|
||||
type: :object,
|
||||
properties: %{
|
||||
id: %Schema{allOf: [FlakeID], description: "Report ID"},
|
||||
error: %Schema{type: :string, description: "Error message"}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
@ -0,0 +1,42 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.EmbedController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.User
|
||||
|
||||
alias Pleroma.Web.ActivityPub.Visibility
|
||||
|
||||
plug(:put_layout, :embed)
|
||||
|
||||
def show(conn, %{"id" => id}) do
|
||||
with %Activity{local: true} = activity <-
|
||||
Activity.get_by_id_with_object(id),
|
||||
true <- Visibility.is_public?(activity.object) do
|
||||
{:ok, author} = User.get_or_fetch(activity.object.data["actor"])
|
||||
|
||||
conn
|
||||
|> delete_resp_header("x-frame-options")
|
||||
|> delete_resp_header("content-security-policy")
|
||||
|> render("show.html",
|
||||
activity: activity,
|
||||
author: User.sanitize_html(author),
|
||||
counts: get_counts(activity)
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
defp get_counts(%Activity{} = activity) do
|
||||
%Object{data: data} = Object.normalize(activity)
|
||||
|
||||
%{
|
||||
likes: Map.get(data, "like_count", 0),
|
||||
replies: Map.get(data, "repliesCount", 0),
|
||||
announces: Map.get(data, "announcement_count", 0)
|
||||
}
|
||||
end
|
||||
end
|
@ -0,0 +1,8 @@
|
||||
<%= case @mediaType do %>
|
||||
<% "audio" -> %>
|
||||
<audio src="<%= @url %>" controls="controls"></audio>
|
||||
<% "video" -> %>
|
||||
<video src="<%= @url %>" controls="controls"></video>
|
||||
<% _ -> %>
|
||||
<img src="<%= @url %>" alt="<%= @name %>" title="<%= @name %>">
|
||||
<% end %>
|
@ -0,0 +1,76 @@
|
||||
<div>
|
||||
<div class="p-author h-card">
|
||||
<a class="u-url" rel="author noopener" href="<%= @author.ap_id %>">
|
||||
<div class="avatar">
|
||||
<img src="<%= User.avatar_url(@author) |> MediaProxy.url %>" width="48" height="48" alt="">
|
||||
</div>
|
||||
<span class="display-name" style="padding-left: 0.5em;">
|
||||
<bdi><%= raw (@author.name |> Formatter.emojify(@author.emoji)) %></bdi>
|
||||
<span class="nickname"><%= full_nickname(@author) %></span>
|
||||
</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<div class="activity-content" >
|
||||
<%= if status_title(@activity) != "" do %>
|
||||
<details <%= if open_content?() do %>open<% end %>>
|
||||
<summary><%= raw status_title(@activity) %></summary>
|
||||
<div><%= activity_content(@activity) %></div>
|
||||
</details>
|
||||
<% else %>
|
||||
<div><%= activity_content(@activity) %></div>
|
||||
<% end %>
|
||||
<%= for %{"name" => name, "url" => [url | _]} <- attachments(@activity) do %>
|
||||
<div class="attachment">
|
||||
<%= if sensitive?(@activity) do %>
|
||||
<details class="nsfw">
|
||||
<summary onClick="updateHeight()"><%= Gettext.gettext("sensitive media") %></summary>
|
||||
<div class="nsfw-content">
|
||||
<%= render("_attachment.html", %{name: name, url: url["href"],
|
||||
mediaType: fetch_media_type(url)}) %>
|
||||
</div>
|
||||
</details>
|
||||
<% else %>
|
||||
<%= render("_attachment.html", %{name: name, url: url["href"],
|
||||
mediaType: fetch_media_type(url)}) %>
|
||||
<% end %>
|
||||
</div>
|
||||
<% end %>
|
||||
</div>
|
||||
|
||||
<dl class="counts pull-right">
|
||||
<dt><%= Gettext.gettext("replies") %></dt><dd><%= @counts.replies %></dd>
|
||||
<dt><%= Gettext.gettext("announces") %></dt><dd><%= @counts.announces %></dd>
|
||||
<dt><%= Gettext.gettext("likes") %></dt><dd><%= @counts.likes %></dd>
|
||||
</dl>
|
||||
|
||||
<p class="date pull-left">
|
||||
<%= link published(@activity), to: activity_url(@author, @activity) %>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
function updateHeight() {
|
||||
window.requestAnimationFrame(function(){
|
||||
var height = document.getElementsByTagName('html')[0].scrollHeight;
|
||||
|
||||
window.parent.postMessage({
|
||||
type: 'setHeightPleromaEmbed',
|
||||
id: window.parentId,
|
||||
height: height,
|
||||
}, '*');
|
||||
})
|
||||
}
|
||||
|
||||
window.addEventListener('message', function(e){
|
||||
var data = e.data || {};
|
||||
|
||||
if (!window.parent || data.type !== 'setHeightPleromaEmbed') {
|
||||
return;
|
||||
}
|
||||
|
||||
window.parentId = data.id
|
||||
|
||||
updateHeight()
|
||||
});
|
||||
</script>
|
@ -0,0 +1,15 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1,minimal-ui" />
|
||||
<title><%= Pleroma.Config.get([:instance, :name]) %></title>
|
||||
<meta content='noindex' name='robots'>
|
||||
<%= Phoenix.HTML.raw(assigns[:meta] || "") %>
|
||||
<link rel="stylesheet" href="/embed.css">
|
||||
<base target="_parent">
|
||||
</head>
|
||||
<body>
|
||||
<%= render @view_module, @view_template, assigns %>
|
||||
</body>
|
||||
</html>
|
@ -0,0 +1,74 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.EmbedView do
|
||||
use Pleroma.Web, :view
|
||||
|
||||
alias Calendar.Strftime
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.Emoji.Formatter
|
||||
alias Pleroma.Object
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.Gettext
|
||||
alias Pleroma.Web.MediaProxy
|
||||
alias Pleroma.Web.Metadata.Utils
|
||||
alias Pleroma.Web.Router.Helpers
|
||||
|
||||
use Phoenix.HTML
|
||||
|
||||
@media_types ["image", "audio", "video"]
|
||||
|
||||
defp fetch_media_type(%{"mediaType" => mediaType}) do
|
||||
Utils.fetch_media_type(@media_types, mediaType)
|
||||
end
|
||||
|
||||
defp open_content? do
|
||||
Pleroma.Config.get(
|
||||
[:frontend_configurations, :collapse_message_with_subjects],
|
||||
true
|
||||
)
|
||||
end
|
||||
|
||||
defp full_nickname(user) do
|
||||
%{host: host} = URI.parse(user.ap_id)
|
||||
"@" <> user.nickname <> "@" <> host
|
||||
end
|
||||
|
||||
defp status_title(%Activity{object: %Object{data: %{"name" => name}}}) when is_binary(name),
|
||||
do: name
|
||||
|
||||
defp status_title(%Activity{object: %Object{data: %{"summary" => summary}}})
|
||||
when is_binary(summary),
|
||||
do: summary
|
||||
|
||||
defp status_title(_), do: nil
|
||||
|
||||
defp activity_content(%Activity{object: %Object{data: %{"content" => content}}}) do
|
||||
content |> Pleroma.HTML.filter_tags() |> raw()
|
||||
end
|
||||
|
||||
defp activity_content(_), do: nil
|
||||
|
||||
defp activity_url(%User{local: true}, activity) do
|
||||
Helpers.o_status_url(Pleroma.Web.Endpoint, :notice, activity)
|
||||
end
|
||||
|
||||
defp activity_url(%User{local: false}, %Activity{object: %Object{data: data}}) do
|
||||
data["url"] || data["external_url"] || data["id"]
|
||||
end
|
||||
|
||||
defp attachments(%Activity{object: %Object{data: %{"attachment" => attachments}}}) do
|
||||
attachments
|
||||
end
|
||||
|
||||
defp sensitive?(%Activity{object: %Object{data: %{"sensitive" => sensitive}}}) do
|
||||
sensitive
|
||||
end
|
||||
|
||||
defp published(%Activity{object: %Object{data: %{"published" => published}}}) do
|
||||
published
|
||||
|> NaiveDateTime.from_iso8601!()
|
||||
|> Strftime.strftime!("%B %d, %Y, %l:%M %p")
|
||||
end
|
||||
end
|
@ -0,0 +1,33 @@
|
||||
defmodule Pleroma.Repo.Migrations.AddRecipientsContainBlockedDomainsFunction do
|
||||
use Ecto.Migration
|
||||
@disable_ddl_transaction true
|
||||
|
||||
def up do
|
||||
statement = """
|
||||
CREATE OR REPLACE FUNCTION recipients_contain_blocked_domains(recipients varchar[], blocked_domains varchar[]) RETURNS boolean AS $$
|
||||
DECLARE
|
||||
recipient_domain varchar;
|
||||
recipient varchar;
|
||||
BEGIN
|
||||
FOREACH recipient IN ARRAY recipients LOOP
|
||||
recipient_domain = split_part(recipient, '/', 3)::varchar;
|
||||
|
||||
IF recipient_domain = ANY(blocked_domains) THEN
|
||||
RETURN TRUE;
|
||||
END IF;
|
||||
END LOOP;
|
||||
|
||||
RETURN FALSE;
|
||||
END;
|
||||
$$ LANGUAGE plpgsql;
|
||||
"""
|
||||
|
||||
execute(statement)
|
||||
end
|
||||
|
||||
def down do
|
||||
execute(
|
||||
"drop function if exists recipients_contain_blocked_domains(recipients varchar[], blocked_domains varchar[])"
|
||||
)
|
||||
end
|
||||
end
|
@ -0,0 +1,115 @@
|
||||
body {
|
||||
background-color: #282c37;
|
||||
font-family: sans-serif;
|
||||
color: white;
|
||||
margin: 0;
|
||||
padding: 1em;
|
||||
padding-bottom: 0;
|
||||
}
|
||||
|
||||
.avatar {
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.avatar img {
|
||||
float: left;
|
||||
border-radius: 4px;
|
||||
margin-right: 4px;
|
||||
}
|
||||
|
||||
.activity-content {
|
||||
padding-top: 1em;
|
||||
}
|
||||
|
||||
.attachment {
|
||||
margin-top: 1em;
|
||||
}
|
||||
|
||||
.attachment img {
|
||||
max-width: 100%;
|
||||
}
|
||||
|
||||
.date a {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.date a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.date a,
|
||||
.counts {
|
||||
color: #666;
|
||||
font-size: 0.9em;
|
||||
}
|
||||
|
||||
.counts dt,
|
||||
.counts dd {
|
||||
float: left;
|
||||
margin-left: 1em;
|
||||
}
|
||||
|
||||
a {
|
||||
color: white;
|
||||
}
|
||||
|
||||
.h-card {
|
||||
min-height: 48px;
|
||||
margin-bottom: 8px;
|
||||
}
|
||||
|
||||
.h-card a {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.h-card a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
.display-name {
|
||||
padding-top: 4px;
|
||||
display: block;
|
||||
text-overflow: ellipsis;
|
||||
overflow: hidden;
|
||||
color: white;
|
||||
}
|
||||
|
||||
/* keep emoji from being hilariously huge */
|
||||
.display-name img {
|
||||
max-height: 1em;
|
||||
}
|
||||
|
||||
.display-name .nickname {
|
||||
padding-top: 4px;
|
||||
display: block;
|
||||
}
|
||||
|
||||
.nickname:hover {
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
.pull-right {
|
||||
float: right;
|
||||
}
|
||||
|
||||
.collapse {
|
||||
margin: 0;
|
||||
width: auto;
|
||||
}
|
||||
|
||||
a.button {
|
||||
box-sizing: border-box;
|
||||
display: inline-block;
|
||||
color: white;
|
||||
background-color: #419bdd;
|
||||
border-radius: 4px;
|
||||
border: none;
|
||||
padding: 10px;
|
||||
font-weight: 500;
|
||||
font-size: 0.9em;
|
||||
}
|
||||
|
||||
a.button:hover {
|
||||
text-decoration: none;
|
||||
background-color: #61a6d9;
|
||||
}
|
@ -0,0 +1,43 @@
|
||||
(function () {
|
||||
'use strict'
|
||||
|
||||
var ready = function (loaded) {
|
||||
if (['interactive', 'complete'].indexOf(document.readyState) !== -1) {
|
||||
loaded()
|
||||
} else {
|
||||
document.addEventListener('DOMContentLoaded', loaded)
|
||||
}
|
||||
}
|
||||
|
||||
ready(function () {
|
||||
var iframes = []
|
||||
|
||||
window.addEventListener('message', function (e) {
|
||||
var data = e.data || {}
|
||||
|
||||
if (data.type !== 'setHeightPleromaEmbed' || !iframes[data.id]) {
|
||||
return
|
||||
}
|
||||
|
||||
iframes[data.id].height = data.height
|
||||
});
|
||||
|
||||
[].forEach.call(document.querySelectorAll('iframe.pleroma-embed'), function (iframe) {
|
||||
iframe.scrolling = 'no'
|
||||
iframe.style.overflow = 'hidden'
|
||||
|
||||
iframes.push(iframe)
|
||||
|
||||
var id = iframes.length - 1
|
||||
|
||||
iframe.onload = function () {
|
||||
iframe.contentWindow.postMessage({
|
||||
type: 'setHeightPleromaEmbed',
|
||||
id: id
|
||||
}, '*')
|
||||
}
|
||||
|
||||
iframe.onload()
|
||||
})
|
||||
})
|
||||
})()
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,281 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.UserInviteToken
|
||||
|
||||
setup do
|
||||
admin = insert(:user, is_admin: true)
|
||||
token = insert(:oauth_admin_token, user: admin)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, admin)
|
||||
|> assign(:token, token)
|
||||
|
||||
{:ok, %{admin: admin, token: token, conn: conn}}
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/users/email_invite, with valid config" do
|
||||
setup do: clear_config([:instance, :registrations_open], false)
|
||||
setup do: clear_config([:instance, :invites_enabled], true)
|
||||
|
||||
test "sends invitation and returns 204", %{admin: admin, conn: conn} do
|
||||
recipient_email = "foo@bar.com"
|
||||
recipient_name = "J. D."
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json;charset=utf-8")
|
||||
|> post("/api/pleroma/admin/users/email_invite", %{
|
||||
email: recipient_email,
|
||||
name: recipient_name
|
||||
})
|
||||
|
||||
assert json_response_and_validate_schema(conn, :no_content)
|
||||
|
||||
token_record = List.last(Repo.all(Pleroma.UserInviteToken))
|
||||
assert token_record
|
||||
refute token_record.used
|
||||
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
email =
|
||||
Pleroma.Emails.UserEmail.user_invitation_email(
|
||||
admin,
|
||||
token_record,
|
||||
recipient_email,
|
||||
recipient_name
|
||||
)
|
||||
|
||||
Swoosh.TestAssertions.assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: {recipient_name, recipient_email},
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
|
||||
test "it returns 403 if requested by a non-admin" do
|
||||
non_admin_user = insert(:user)
|
||||
token = insert(:oauth_token, user: non_admin_user)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, non_admin_user)
|
||||
|> assign(:token, token)
|
||||
|> put_req_header("content-type", "application/json;charset=utf-8")
|
||||
|> post("/api/pleroma/admin/users/email_invite", %{
|
||||
email: "foo@bar.com",
|
||||
name: "JD"
|
||||
})
|
||||
|
||||
assert json_response(conn, :forbidden)
|
||||
end
|
||||
|
||||
test "email with +", %{conn: conn, admin: admin} do
|
||||
recipient_email = "foo+bar@baz.com"
|
||||
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json;charset=utf-8")
|
||||
|> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email})
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
|
||||
token_record =
|
||||
Pleroma.UserInviteToken
|
||||
|> Repo.all()
|
||||
|> List.last()
|
||||
|
||||
assert token_record
|
||||
refute token_record.used
|
||||
|
||||
notify_email = Config.get([:instance, :notify_email])
|
||||
instance_name = Config.get([:instance, :name])
|
||||
|
||||
email =
|
||||
Pleroma.Emails.UserEmail.user_invitation_email(
|
||||
admin,
|
||||
token_record,
|
||||
recipient_email
|
||||
)
|
||||
|
||||
Swoosh.TestAssertions.assert_email_sent(
|
||||
from: {instance_name, notify_email},
|
||||
to: recipient_email,
|
||||
html_body: email.html_body
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
|
||||
setup do: clear_config([:instance, :registrations_open])
|
||||
setup do: clear_config([:instance, :invites_enabled])
|
||||
|
||||
test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
|
||||
Config.put([:instance, :registrations_open], false)
|
||||
Config.put([:instance, :invites_enabled], false)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/email_invite", %{
|
||||
email: "foo@bar.com",
|
||||
name: "JD"
|
||||
})
|
||||
|
||||
assert json_response_and_validate_schema(conn, :bad_request) ==
|
||||
%{
|
||||
"error" =>
|
||||
"To send invites you need to set the `invites_enabled` option to true."
|
||||
}
|
||||
end
|
||||
|
||||
test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
|
||||
Config.put([:instance, :registrations_open], true)
|
||||
Config.put([:instance, :invites_enabled], true)
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/email_invite", %{
|
||||
email: "foo@bar.com",
|
||||
name: "JD"
|
||||
})
|
||||
|
||||
assert json_response_and_validate_schema(conn, :bad_request) ==
|
||||
%{
|
||||
"error" =>
|
||||
"To send invites you need to set the `registrations_open` option to false."
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/users/invite_token" do
|
||||
test "without options", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/invite_token")
|
||||
|
||||
invite_json = json_response_and_validate_schema(conn, 200)
|
||||
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
||||
refute invite.used
|
||||
refute invite.expires_at
|
||||
refute invite.max_use
|
||||
assert invite.invite_type == "one_time"
|
||||
end
|
||||
|
||||
test "with expires_at", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/invite_token", %{
|
||||
"expires_at" => Date.to_string(Date.utc_today())
|
||||
})
|
||||
|
||||
invite_json = json_response_and_validate_schema(conn, 200)
|
||||
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
||||
|
||||
refute invite.used
|
||||
assert invite.expires_at == Date.utc_today()
|
||||
refute invite.max_use
|
||||
assert invite.invite_type == "date_limited"
|
||||
end
|
||||
|
||||
test "with max_use", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/invite_token", %{"max_use" => 150})
|
||||
|
||||
invite_json = json_response_and_validate_schema(conn, 200)
|
||||
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
||||
refute invite.used
|
||||
refute invite.expires_at
|
||||
assert invite.max_use == 150
|
||||
assert invite.invite_type == "reusable"
|
||||
end
|
||||
|
||||
test "with max use and expires_at", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/invite_token", %{
|
||||
"max_use" => 150,
|
||||
"expires_at" => Date.to_string(Date.utc_today())
|
||||
})
|
||||
|
||||
invite_json = json_response_and_validate_schema(conn, 200)
|
||||
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
||||
refute invite.used
|
||||
assert invite.expires_at == Date.utc_today()
|
||||
assert invite.max_use == 150
|
||||
assert invite.invite_type == "reusable_date_limited"
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/users/invites" do
|
||||
test "no invites", %{conn: conn} do
|
||||
conn = get(conn, "/api/pleroma/admin/users/invites")
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{"invites" => []}
|
||||
end
|
||||
|
||||
test "with invite", %{conn: conn} do
|
||||
{:ok, invite} = UserInviteToken.create_invite()
|
||||
|
||||
conn = get(conn, "/api/pleroma/admin/users/invites")
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{
|
||||
"invites" => [
|
||||
%{
|
||||
"expires_at" => nil,
|
||||
"id" => invite.id,
|
||||
"invite_type" => "one_time",
|
||||
"max_use" => nil,
|
||||
"token" => invite.token,
|
||||
"used" => false,
|
||||
"uses" => 0
|
||||
}
|
||||
]
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/users/revoke_invite" do
|
||||
test "with token", %{conn: conn} do
|
||||
{:ok, invite} = UserInviteToken.create_invite()
|
||||
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
|
||||
|
||||
assert json_response_and_validate_schema(conn, 200) == %{
|
||||
"expires_at" => nil,
|
||||
"id" => invite.id,
|
||||
"invite_type" => "one_time",
|
||||
"max_use" => nil,
|
||||
"token" => invite.token,
|
||||
"used" => true,
|
||||
"uses" => 0
|
||||
}
|
||||
end
|
||||
|
||||
test "with invalid token", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
|
||||
|
||||
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,220 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.OAuthAppControllerTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
use Oban.Testing, repo: Pleroma.Repo
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Web
|
||||
|
||||
setup do
|
||||
admin = insert(:user, is_admin: true)
|
||||
token = insert(:oauth_admin_token, user: admin)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, admin)
|
||||
|> assign(:token, token)
|
||||
|
||||
{:ok, %{admin: admin, token: token, conn: conn}}
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/oauth_app" do
|
||||
test "errors", %{conn: conn} do
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/oauth_app", %{})
|
||||
|> json_response_and_validate_schema(400)
|
||||
|
||||
assert %{
|
||||
"error" => "Missing field: name. Missing field: redirect_uris."
|
||||
} = response
|
||||
end
|
||||
|
||||
test "success", %{conn: conn} do
|
||||
base_url = Web.base_url()
|
||||
app_name = "Trusted app"
|
||||
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/oauth_app", %{
|
||||
name: app_name,
|
||||
redirect_uris: base_url
|
||||
})
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{
|
||||
"client_id" => _,
|
||||
"client_secret" => _,
|
||||
"name" => ^app_name,
|
||||
"redirect_uri" => ^base_url,
|
||||
"trusted" => false
|
||||
} = response
|
||||
end
|
||||
|
||||
test "with trusted", %{conn: conn} do
|
||||
base_url = Web.base_url()
|
||||
app_name = "Trusted app"
|
||||
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/oauth_app", %{
|
||||
name: app_name,
|
||||
redirect_uris: base_url,
|
||||
trusted: true
|
||||
})
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{
|
||||
"client_id" => _,
|
||||
"client_secret" => _,
|
||||
"name" => ^app_name,
|
||||
"redirect_uri" => ^base_url,
|
||||
"trusted" => true
|
||||
} = response
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/oauth_app" do
|
||||
setup do
|
||||
app = insert(:oauth_app)
|
||||
{:ok, app: app}
|
||||
end
|
||||
|
||||
test "list", %{conn: conn} do
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/oauth_app")
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{"apps" => apps, "count" => count, "page_size" => _} = response
|
||||
|
||||
assert length(apps) == count
|
||||
end
|
||||
|
||||
test "with page size", %{conn: conn} do
|
||||
insert(:oauth_app)
|
||||
page_size = 1
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/oauth_app?page_size=#{page_size}")
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{"apps" => apps, "count" => _, "page_size" => ^page_size} = response
|
||||
|
||||
assert length(apps) == page_size
|
||||
end
|
||||
|
||||
test "search by client name", %{conn: conn, app: app} do
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/oauth_app?name=#{app.client_name}")
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{"apps" => [returned], "count" => _, "page_size" => _} = response
|
||||
|
||||
assert returned["client_id"] == app.client_id
|
||||
assert returned["name"] == app.client_name
|
||||
end
|
||||
|
||||
test "search by client id", %{conn: conn, app: app} do
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/oauth_app?client_id=#{app.client_id}")
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{"apps" => [returned], "count" => _, "page_size" => _} = response
|
||||
|
||||
assert returned["client_id"] == app.client_id
|
||||
assert returned["name"] == app.client_name
|
||||
end
|
||||
|
||||
test "only trusted", %{conn: conn} do
|
||||
app = insert(:oauth_app, trusted: true)
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/oauth_app?trusted=true")
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{"apps" => [returned], "count" => _, "page_size" => _} = response
|
||||
|
||||
assert returned["client_id"] == app.client_id
|
||||
assert returned["name"] == app.client_name
|
||||
end
|
||||
end
|
||||
|
||||
describe "DELETE /api/pleroma/admin/oauth_app/:id" do
|
||||
test "with id", %{conn: conn} do
|
||||
app = insert(:oauth_app)
|
||||
|
||||
response =
|
||||
conn
|
||||
|> delete("/api/pleroma/admin/oauth_app/" <> to_string(app.id))
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
|
||||
assert response == ""
|
||||
end
|
||||
|
||||
test "with non existance id", %{conn: conn} do
|
||||
response =
|
||||
conn
|
||||
|> delete("/api/pleroma/admin/oauth_app/0")
|
||||
|> json_response_and_validate_schema(:bad_request)
|
||||
|
||||
assert response == ""
|
||||
end
|
||||
end
|
||||
|
||||
describe "PATCH /api/pleroma/admin/oauth_app/:id" do
|
||||
test "with id", %{conn: conn} do
|
||||
app = insert(:oauth_app)
|
||||
|
||||
name = "another name"
|
||||
url = "https://example.com"
|
||||
scopes = ["admin"]
|
||||
id = app.id
|
||||
website = "http://website.com"
|
||||
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/oauth_app/#{id}", %{
|
||||
name: name,
|
||||
trusted: true,
|
||||
redirect_uris: url,
|
||||
scopes: scopes,
|
||||
website: website
|
||||
})
|
||||
|> json_response_and_validate_schema(200)
|
||||
|
||||
assert %{
|
||||
"client_id" => _,
|
||||
"client_secret" => _,
|
||||
"id" => ^id,
|
||||
"name" => ^name,
|
||||
"redirect_uri" => ^url,
|
||||
"trusted" => true,
|
||||
"website" => ^website
|
||||
} = response
|
||||
end
|
||||
|
||||
test "without id", %{conn: conn} do
|
||||
response =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/oauth_app/0")
|
||||
|> json_response_and_validate_schema(:bad_request)
|
||||
|
||||
assert response == ""
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,374 @@
|
||||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.AdminAPI.ReportControllerTest do
|
||||
use Pleroma.Web.ConnCase
|
||||
|
||||
import Pleroma.Factory
|
||||
|
||||
alias Pleroma.Activity
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.ModerationLog
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.ReportNote
|
||||
alias Pleroma.Web.CommonAPI
|
||||
|
||||
setup do
|
||||
admin = insert(:user, is_admin: true)
|
||||
token = insert(:oauth_admin_token, user: admin)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, admin)
|
||||
|> assign(:token, token)
|
||||
|
||||
{:ok, %{admin: admin, token: token, conn: conn}}
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/reports/:id" do
|
||||
test "returns report by its id", %{conn: conn} do
|
||||
[reporter, target_user] = insert_pair(:user)
|
||||
activity = insert(:note_activity, user: target_user)
|
||||
|
||||
{:ok, %{id: report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports/#{report_id}")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert response["id"] == report_id
|
||||
end
|
||||
|
||||
test "returns 404 when report id is invalid", %{conn: conn} do
|
||||
conn = get(conn, "/api/pleroma/admin/reports/test")
|
||||
|
||||
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
|
||||
end
|
||||
end
|
||||
|
||||
describe "PATCH /api/pleroma/admin/reports" do
|
||||
setup do
|
||||
[reporter, target_user] = insert_pair(:user)
|
||||
activity = insert(:note_activity, user: target_user)
|
||||
|
||||
{:ok, %{id: report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
{:ok, %{id: second_report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel very offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
%{
|
||||
id: report_id,
|
||||
second_report_id: second_report_id
|
||||
}
|
||||
end
|
||||
|
||||
test "requires admin:write:reports scope", %{conn: conn, id: id, admin: admin} do
|
||||
read_token = insert(:oauth_token, user: admin, scopes: ["admin:read"])
|
||||
write_token = insert(:oauth_token, user: admin, scopes: ["admin:write:reports"])
|
||||
|
||||
response =
|
||||
conn
|
||||
|> assign(:token, read_token)
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [%{"state" => "resolved", "id" => id}]
|
||||
})
|
||||
|> json_response_and_validate_schema(403)
|
||||
|
||||
assert response == %{
|
||||
"error" => "Insufficient permissions: admin:write:reports."
|
||||
}
|
||||
|
||||
conn
|
||||
|> assign(:token, write_token)
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [%{"state" => "resolved", "id" => id}]
|
||||
})
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
end
|
||||
|
||||
test "mark report as resolved", %{conn: conn, id: id, admin: admin} do
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [
|
||||
%{"state" => "resolved", "id" => id}
|
||||
]
|
||||
})
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
|
||||
activity = Activity.get_by_id(id)
|
||||
assert activity.data["state"] == "resolved"
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} updated report ##{id} with 'resolved' state"
|
||||
end
|
||||
|
||||
test "closes report", %{conn: conn, id: id, admin: admin} do
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [
|
||||
%{"state" => "closed", "id" => id}
|
||||
]
|
||||
})
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
|
||||
activity = Activity.get_by_id(id)
|
||||
assert activity.data["state"] == "closed"
|
||||
|
||||
log_entry = Repo.one(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(log_entry) ==
|
||||
"@#{admin.nickname} updated report ##{id} with 'closed' state"
|
||||
end
|
||||
|
||||
test "returns 400 when state is unknown", %{conn: conn, id: id} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [
|
||||
%{"state" => "test", "id" => id}
|
||||
]
|
||||
})
|
||||
|
||||
assert "Unsupported state" =
|
||||
hd(json_response_and_validate_schema(conn, :bad_request))["error"]
|
||||
end
|
||||
|
||||
test "returns 404 when report is not exist", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [
|
||||
%{"state" => "closed", "id" => "test"}
|
||||
]
|
||||
})
|
||||
|
||||
assert hd(json_response_and_validate_schema(conn, :bad_request))["error"] == "not_found"
|
||||
end
|
||||
|
||||
test "updates state of multiple reports", %{
|
||||
conn: conn,
|
||||
id: id,
|
||||
admin: admin,
|
||||
second_report_id: second_report_id
|
||||
} do
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> patch("/api/pleroma/admin/reports", %{
|
||||
"reports" => [
|
||||
%{"state" => "resolved", "id" => id},
|
||||
%{"state" => "closed", "id" => second_report_id}
|
||||
]
|
||||
})
|
||||
|> json_response_and_validate_schema(:no_content)
|
||||
|
||||
activity = Activity.get_by_id(id)
|
||||
second_activity = Activity.get_by_id(second_report_id)
|
||||
assert activity.data["state"] == "resolved"
|
||||
assert second_activity.data["state"] == "closed"
|
||||
|
||||
[first_log_entry, second_log_entry] = Repo.all(ModerationLog)
|
||||
|
||||
assert ModerationLog.get_log_entry_message(first_log_entry) ==
|
||||
"@#{admin.nickname} updated report ##{id} with 'resolved' state"
|
||||
|
||||
assert ModerationLog.get_log_entry_message(second_log_entry) ==
|
||||
"@#{admin.nickname} updated report ##{second_report_id} with 'closed' state"
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /api/pleroma/admin/reports" do
|
||||
test "returns empty response when no reports created", %{conn: conn} do
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert Enum.empty?(response["reports"])
|
||||
assert response["total"] == 0
|
||||
end
|
||||
|
||||
test "returns reports", %{conn: conn} do
|
||||
[reporter, target_user] = insert_pair(:user)
|
||||
activity = insert(:note_activity, user: target_user)
|
||||
|
||||
{:ok, %{id: report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
[report] = response["reports"]
|
||||
|
||||
assert length(response["reports"]) == 1
|
||||
assert report["id"] == report_id
|
||||
|
||||
assert response["total"] == 1
|
||||
end
|
||||
|
||||
test "returns reports with specified state", %{conn: conn} do
|
||||
[reporter, target_user] = insert_pair(:user)
|
||||
activity = insert(:note_activity, user: target_user)
|
||||
|
||||
{:ok, %{id: first_report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
{:ok, %{id: second_report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I don't like this user"
|
||||
})
|
||||
|
||||
CommonAPI.update_report_state(second_report_id, "closed")
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports?state=open")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert [open_report] = response["reports"]
|
||||
|
||||
assert length(response["reports"]) == 1
|
||||
assert open_report["id"] == first_report_id
|
||||
|
||||
assert response["total"] == 1
|
||||
|
||||
response =
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports?state=closed")
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
|
||||
assert [closed_report] = response["reports"]
|
||||
|
||||
assert length(response["reports"]) == 1
|
||||
assert closed_report["id"] == second_report_id
|
||||
|
||||
assert response["total"] == 1
|
||||
|
||||
assert %{"total" => 0, "reports" => []} ==
|
||||
conn
|
||||
|> get("/api/pleroma/admin/reports?state=resolved", %{
|
||||
"" => ""
|
||||
})
|
||||
|> json_response_and_validate_schema(:ok)
|
||||
end
|
||||
|
||||
test "returns 403 when requested by a non-admin" do
|
||||
user = insert(:user)
|
||||
token = insert(:oauth_token, user: user)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, user)
|
||||
|> assign(:token, token)
|
||||
|> get("/api/pleroma/admin/reports")
|
||||
|
||||
assert json_response(conn, :forbidden) ==
|
||||
%{"error" => "User is not an admin or OAuth admin scope is not granted."}
|
||||
end
|
||||
|
||||
test "returns 403 when requested by anonymous" do
|
||||
conn = get(build_conn(), "/api/pleroma/admin/reports")
|
||||
|
||||
assert json_response(conn, :forbidden) == %{
|
||||
"error" => "Invalid credentials."
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /api/pleroma/admin/reports/:id/notes" do
|
||||
setup %{conn: conn, admin: admin} do
|
||||
[reporter, target_user] = insert_pair(:user)
|
||||
activity = insert(:note_activity, user: target_user)
|
||||
|
||||
{:ok, %{id: report_id}} =
|
||||
CommonAPI.report(reporter, %{
|
||||
account_id: target_user.id,
|
||||
comment: "I feel offended",
|
||||
status_ids: [activity.id]
|
||||
})
|
||||
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
|
||||
content: "this is disgusting!"
|
||||
})
|
||||
|
||||
conn
|
||||
|> put_req_header("content-type", "application/json")
|
||||
|> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
|
||||
content: "this is disgusting2!"
|
||||
})
|
||||
|
||||
%{
|
||||
admin_id: admin.id,
|
||||
report_id: report_id
|
||||
}
|
||||
end
|
||||
|
||||
test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
|
||||
assert [note, _] = Repo.all(ReportNote)
|
||||
|
||||
assert %{
|
||||
activity_id: ^report_id,
|
||||
content: "this is disgusting!",
|
||||
user_id: ^admin_id
|
||||
} = note
|
||||
end
|
||||
|
||||
test "it returns reports with notes", %{conn: conn, admin: admin} do
|
||||
conn = get(conn, "/api/pleroma/admin/reports")
|
||||
|
||||
response = json_response_and_validate_schema(conn, 200)
|
||||
notes = hd(response["reports"])["notes"]
|
||||
[note, _] = notes
|
||||
|
||||
assert note["user"]["nickname"] == admin.nickname
|
||||
assert note["content"] == "this is disgusting!"
|
||||
assert note["created_at"]
|
||||
assert response["total"] == 1
|
||||
end
|
||||
|
||||
test "it deletes the note", %{conn: conn, report_id: report_id} do
|
||||
assert ReportNote |> Repo.all() |> length() == 2
|
||||
assert [note, _] = Repo.all(ReportNote)
|
||||
|
||||
delete(conn, "/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
|
||||
|
||||
assert ReportNote |> Repo.all() |> length() == 1
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in new issue