diff --git a/CHANGELOG.md b/CHANGELOG.md index 083654d2e..958bd8943 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -86,6 +86,8 @@ - Update ApiV1Controller, fix mute/block entities ([364adb43](https://github.com/pixelfed/pixelfed/commit/364adb43)) - Update atom feed, remove invalid entities ([e362ef9e](https://github.com/pixelfed/pixelfed/commit/e362ef9e)) - Update StatusObserver, handle events after all transactions are committed ([805a014e](https://github.com/pixelfed/pixelfed/commit/805a014e)) +- Update ApiV1Controller, add collection_ids parameter to /api/v1/statuses endpoint ([7ae21fc3](https://github.com/pixelfed/pixelfed/commit/7ae21fc3)) +- Update ApiV1Controller, add comments_disabled param to /api/v1/statuses endpoint ([95b58610](https://github.com/pixelfed/pixelfed/commit/95b58610)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.3 (2022-05-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.2...v0.11.3) diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php index 42b5e6121..9411cc0a9 100644 --- a/app/Http/Controllers/Api/ApiV1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Controller.php @@ -12,6 +12,8 @@ use Auth, Cache, DB, URL; use App\{ Avatar, Bookmark, + Collection, + CollectionItem, DirectMessage, Follower, FollowRequest, @@ -59,6 +61,7 @@ use App\Jobs\VideoPipeline\{ use App\Services\{ AccountService, + CollectionService, FollowerService, InstanceService, LikeService, @@ -2481,7 +2484,9 @@ class ApiV1Controller extends Controller 'sensitive' => 'nullable', 'visibility' => 'string|in:private,unlisted,public', 'spoiler_text' => 'sometimes|max:140', - 'place_id' => 'sometimes|integer|min:1|max:128769' + 'place_id' => 'sometimes|integer|min:1|max:128769', + 'collection_ids' => 'sometimes|array|max:3', + 'comments_disabled' => 'sometimes|boolean', ]); if(config('costar.enabled') == true) { 
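Review bot: The new `collection_ids` rule in the validation array only checks that the value is an array of at most three entries, so the entries themselves reach `Collection::whereProfileId(...)->find(...)` in the later hunk unvalidated; a nested array or a non-numeric string passes validation here. Add a per-element rule next to it, for example `'collection_ids.*' => 'integer|min:1',`, and consider adding `distinct` so repeated ids are rejected up front. The validation call starts above this hunk, so the full rule set is not visible.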
@@ -2536,6 +2541,9 @@ class ApiV1Controller extends Controller if($in_reply_to_id) { $parent = Status::findOrFail($in_reply_to_id); + if($parent->comments_disabled) { + return $this->json("Comments have been disabled on this post", 422); + } $blocks = UserFilterService::blocks($parent->profile_id); abort_if(in_array($profile->id, $blocks), 422, 'Cannot reply to this post at this time.'); @@ -2597,6 +2605,10 @@ class ApiV1Controller extends Controller abort(400, 'Invalid media ids'); } + if($request->has('comments_disabled') && $request->input('comments_disabled')) { + $status->comments_disabled = true; + } + $status->scope = $visibility; $status->visibility = $visibility; $status->type = StatusController::mimeTypeCheck($mimes); @@ -2618,6 +2630,27 @@ class ApiV1Controller extends Controller Cache::forget('profile:embed:' . $status->profile_id); Cache::forget($limitKey); + if($request->has('collection_ids') && $ids) { + $collections = Collection::whereProfileId($user->profile_id) + ->find($request->input('collection_ids')) + ->each(function($collection) use($status) { + $count = $collection->items()->count(); + $item = CollectionItem::firstOrCreate([ + 'collection_id' => $collection->id, + 'object_type' => 'App\Status', + 'object_id' => $status->id + ],[ + 'order' => $count, + ]); + + CollectionService::addItem( + $collection->id, + $status->id, + $count + ); + }); + } + $res = StatusService::getMastodon($status->id, false); $res['favourited'] = false; $res['language'] = 'en'; diff --git a/app/Http/Controllers/CollectionController.php b/app/Http/Controllers/CollectionController.php index 4e6272f04..e168e4ff7 100644 --- a/app/Http/Controllers/CollectionController.php +++ b/app/Http/Controllers/CollectionController.php 
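Review bot: The `comments_disabled` check in the reply branch returns through `$this->json(..., 422)`, while the block check two lines below it uses `abort_if(..., 422, ...)`, so the same endpoint presumably now produces two differently shaped 422 responses. Matching the surrounding style would be `abort_if($parent->comments_disabled, 422, 'Comments have been disabled on this post');`. As written the check also applies to the author of the parent post; if authors should still be able to reply under their own posts, that needs an explicit exception comparing `$parent->profile_id` with `$profile->id`. The enclosing method starts and ends outside the hunk.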
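Review bot: The `has()` test in `if($request->has('comments_disabled') && $request->input('comments_disabled'))` is redundant, because `input()` already yields null when the key is absent. `if($request->boolean('comments_disabled')) {` says the same thing and does not depend on PHP's loose truthiness for the `"0"`/`"1"` strings that the `boolean` validation rule lets through. Whether this assignment is also reached for replies cannot be told from the hunk; if it is, a short comment on what `comments_disabled` means on a reply would help.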
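Review bot: The new `collection_ids` block adds the status to the caller's collections without looking at `$visibility`, so a status posted as `private` or `unlisted` is still stored as a `CollectionItem` and pushed through `CollectionService::addItem`. Whether the collection read path filters items by status scope is not visible here and should be confirmed, or the block guarded, for example `if($request->has('collection_ids') && $ids && $visibility === 'public') {`. Scoping the lookup with `whereProfileId($user->profile_id)` keeps other users' collections out, but ids that do not belong to the caller are dropped silently rather than rejected. `$count` is read and then used as `order` with no lock or transaction, so two concurrent posts to one collection can get the same position, and any per-collection size limit enforced elsewhere is not applied on this path. `$collections` and `$item` are assigned but never used.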
@@ -17,6 +17,7 @@ use App\Transformer\Api\{ }; use League\Fractal\Serializer\ArraySerializer; use League\Fractal\Pagination\IlluminatePaginatorAdapter; +use App\Services\AccountService; use App\Services\CollectionService; use App\Services\FollowerService; use App\Services\StatusService; @@ -222,32 +223,33 @@ class CollectionController extends Controller $follows = false; $visibility = ['public']; - $profile = Profile::whereNull('status') - ->whereNull('domain') - ->findOrFail($id); - - if($pid) { - $follows = FollowerService::follows($pid, $profile->id); + $profile = AccountService::get($id, true); + if(!$profile || !isset($profile['id'])) { + return response()->json([], 404); } - if($profile->is_private) { + if($pid) { + $follows = FollowerService::follows($pid, $profile['id']); + } + + if($profile['locked']) { abort_if(!$pid, 404); if(!$user->is_admin) { - abort_if($profile->id != $pid && $follows == false, 404); + abort_if($profile['id'] != $pid && $follows == false, 404); } } - $owner = $pid ? $pid == $profile->id : false; + $owner = $pid ? $pid == $profile['id'] : false; if($follows) { $visibility = ['public', 'private']; } - if($pid && $pid == $profile->id) { + if($pid && $pid == $profile['id']) { $visibility = ['public', 'private', 'draft']; } - return Collection::whereProfileId($profile->id) + return Collection::whereProfileId($profile['id']) ->whereIn('visibility', $visibility) ->when(!$owner, function($q, $owner) { return $q->whereNotNull('published_at'); diff --git a/app/Http/Controllers/MobileController.php b/app/Http/Controllers/MobileController.php new file mode 100644 index 000000000..3ca206bbc --- /dev/null +++ b/app/Http/Controllers/MobileController.php 
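Review bot: Replacing the `Profile::whereNull('status')->whereNull('domain')->findOrFail($id)` lookup with `AccountService::get($id, true)` drops two filters that were explicit before: accounts with a non-null `status` and remote accounts used to be a 404, and now that depends entirely on what `AccountService::get` returns, which this diff does not show. If the service can return suspended, deleted or remote accounts, their collections become listable through this method; either confirm it cannot, or keep an explicit check after the null test with a comment such as `// must 404 for suspended/deleted and remote accounts, as the old whereNull('status')->whereNull('domain') query did`. `$profile['locked']` is also read without an `isset` guard, unlike `$profile['id']`, and the new `response()->json([], 404)` differs from the `abort_if(..., 404)` calls in the rest of the method. The method starts and ends outside the hunk.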
@@ -0,0 +1,29 @@
+addDays(120), function() {
+ $slug = '/site/terms';
+ return Page::whereSlug($slug)->whereActive(true)->first();
+ });
+ return View::make('mobile.terms')->with(compact('page'))->render();
+ }
+
+ public function privacy(Request $request)
+ {
+ $page = Cache::remember('site:privacy', now()->addDays(120), function() {
+ $slug = '/site/privacy';
+ return Page::whereSlug($slug)->whereActive(true)->first();
+ });
+ return View::make('mobile.privacy')->with(compact('page'))->render();
+ }
+}
diff --git a/public/js/daci-17lx4qxke.js b/public/js/daci-17lx4qxke.js
index 28a500b22..3cc6c601c 100644
Binary files a/public/js/daci-17lx4qxke.js and b/public/js/daci-17lx4qxke.js differ
diff --git a/public/js/dffc-17lx4qxke.js b/public/js/dffc-17lx4qxke.js
index a1198e1f2..d82b6e0f8 100644
Binary files a/public/js/dffc-17lx4qxke.js and b/public/js/dffc-17lx4qxke.js differ
diff --git a/public/js/dmyh-17lx4qxke.js b/public/js/dmyh-17lx4qxke.js
index 07d9879a8..73e4fb432 100644
Binary files a/public/js/dmyh-17lx4qxke.js and b/public/js/dmyh-17lx4qxke.js differ
diff --git a/public/js/dmym-17lx4qxke.js b/public/js/dmym-17lx4qxke.js
index 07dba14c0..f1fc8fa12 100644
Binary files a/public/js/dmym-17lx4qxke.js and b/public/js/dmym-17lx4qxke.js differ
diff --git a/public/js/dsfc-17lx4qxke.js b/public/js/dsfc-17lx4qxke.js
index b29c5435b..b70e5fd61 100644
Binary files a/public/js/dsfc-17lx4qxke.js and b/public/js/dsfc-17lx4qxke.js differ
diff --git a/public/js/dssc-17lx4qxke.js b/public/js/dssc-17lx4qxke.js
index 0ea7b1ce4..752f543f7 100644
Binary files a/public/js/dssc-17lx4qxke.js and b/public/js/dssc-17lx4qxke.js differ
diff --git a/public/js/home-17lx4qxke.js b/public/js/home-17lx4qxke.js
index 8b22b3f67..db7155436 100644
Binary files a/public/js/home-17lx4qxke.js and b/public/js/home-17lx4qxke.js differ
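Review bot: In the new `MobileController`, `privacy()` caches the page under `site:privacy` for 120 days, and the `terms` method appears to do the same, so an edited or deactivated policy page keeps being served to mobile clients unless the code that saves pages forgets these cache keys. That invalidation is not part of this diff and should be confirmed, or the TTL shortened. `Page::whereSlug($slug)->whereActive(true)->first()` can return null, so `mobile.privacy` and `mobile.terms` have to cope with a missing `$page`; the templates' markup is not readable on this page, so that could not be checked. The `Request $request` parameter of `privacy()` is unused, and a one-line docblock on each method saying that it returns the rendered HTML string from `->render()` rather than a response object would help callers. The start of the file, including the signature of the terms method, is garbled on this page.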
diff --git a/public/js/post-17lx4qxke.js b/public/js/post-17lx4qxke.js
index 7f0bf0c7b..d85b20a8e 100644
Binary files a/public/js/post-17lx4qxke.js and b/public/js/post-17lx4qxke.js differ
diff --git a/public/js/profile-17lx4qxke.js b/public/js/profile-17lx4qxke.js
index f0b50b83d..8468a210b 100644
Binary files a/public/js/profile-17lx4qxke.js and b/public/js/profile-17lx4qxke.js differ
diff --git a/public/mix-manifest.json b/public/mix-manifest.json
index 50625b40e..72e63e7b4 100644
Binary files a/public/mix-manifest.json and b/public/mix-manifest.json differ
diff --git a/resources/views/mobile/privacy.blade.php b/resources/views/mobile/privacy.blade.php
new file mode 100644
index 000000000..35dece3b9
--- /dev/null
+++ b/resources/views/mobile/privacy.blade.php
@@ -0,0 +1,105 @@
+@extends('layouts.blank')
+
+@section('content')
+
Last Updated: Sept 28, 2022
+ +Any of the information we collect from you may be used in the following ways:
+We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account.
+ + +We will make a good faith effort to:
+You may irreversibly delete your account at any time.
+ +Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account. +
+We use cookies to understand and save your preferences for future visits.
+ +We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
+Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this.
+When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favourites. Applications can never access your e-mail address or password.
+ +If this server is in the EU or the EEA: Our site, products and services are all directed to people who are at least 16 years old. If you are under the age of 16, per the requirements of the GDPR (General Data Protection Regulation) do not use this site.
+ +If this server is in the USA: Our site, products and services are all directed to people who are at least 13 years old. If you are under the age of 13, per the requirements of COPPA (Children's Online Privacy Protection Act) do not use this site.
+ +Law requirements can be different if this server is in another jurisdiction.
+ +If we decide to change our privacy policy, we will post those changes on this page.
+ +This document is CC-BY-SA. It was last updated Jun 12, 2018.
+ +Originally adapted from the Mastodon privacy policy.
+Last Updated: Sept 28, 2022
+By accessing the website at {{config('app.url')}}, you are agreeing to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
+In no event shall Pixelfed or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Pixelfed's website, even if Pixelfed or a Pixelfed authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
+The materials appearing on Pixelfed's website could include technical, typographical, or photographic errors. Pixelfed does not warrant that any of the materials on its website are accurate, complete or current. Pixelfed may make changes to the materials contained on its website at any time without notice. However Pixelfed does not make any commitment to update the materials.
+Pixelfed has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Pixelfed of the site. Use of any such linked website is at the user's own risk.
+Pixelfed may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.
+These terms and conditions are governed by and construed in accordance with the laws of Canada and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
+