Merge pull request #5067 from pixelfed/staging

Update ApiV1Dot1Controller, fix in app registration bug that prevents…
2024-11-22 22:41:27 +00:00 · 2024-04-30 23:29:37 -06:00 · 2024-04-30 23:29:37 -06:00 · 3e59dd2868
commit 3e59dd2868
parent cf10fca74f cbf996c9b6
1 changed files with 890 additions and 882 deletions
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@ -2,45 +2,41 @@

 namespace App\Http\Controllers\Api;

-use Cache;
-use DB;
-use App\Http\Controllers\Controller;
-use Illuminate\Http\Request;
-use League\Fractal;
-use League\Fractal\Serializer\ArraySerializer;
-use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use App\AccountLog;
 use App\EmailVerification;
-use App\Follower;
+use App\Http\Controllers\Controller;
+use App\Http\Resources\StatusStateless;
+use App\Jobs\ReportPipeline\ReportNotifyAdminViaEmail;
+use App\Jobs\StatusPipeline\RemoteStatusDelete;
+use App\Jobs\StatusPipeline\StatusDelete;
+use App\Mail\ConfirmAppEmail;
+use App\Mail\PasswordChange;
 use App\Place;
-use App\Status;
-use App\Report;
 use App\Profile;
+use App\Report;
+use App\Services\AccountService;
+use App\Services\BouncerService;
+use App\Services\EmailService;
+use App\Services\FollowerService;
+use App\Services\NetworkTimelineService;
+use App\Services\ProfileStatusService;
+use App\Services\PublicTimelineService;
+use App\Services\StatusService;
+use App\Status;
 use App\StatusArchived;
 use App\User;
 use App\UserSetting;
-use App\Services\AccountService;
-use App\Services\FollowerService;
-use App\Services\StatusService;
-use App\Services\ProfileStatusService;
-use App\Services\LikeService;
-use App\Services\ReblogService;
-use App\Services\PublicTimelineService;
-use App\Services\NetworkTimelineService;
 use App\Util\Lexer\RestrictedNames;
-use App\Services\BouncerService;
-use App\Services\EmailService;
-use Illuminate\Support\Str;
+use Cache;
+use DB;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
-use Jenssegers\Agent\Agent;
-use Mail;
-use App\Mail\PasswordChange;
-use App\Mail\ConfirmAppEmail;
-use App\Http\Resources\StatusStateless;
-use App\Jobs\StatusPipeline\StatusDelete;
-use App\Jobs\StatusPipeline\RemoteStatusDelete;
-use App\Jobs\ReportPipeline\ReportNotifyAdminViaEmail;
 use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\Str;
+use Jenssegers\Agent\Agent;
+use League\Fractal;
+use League\Fractal\Serializer\ArraySerializer;
+use Mail;

 class ApiV1Dot1Controller extends Controller
 {
@ -60,9 +56,10 @@ class ApiV1Dot1Controller extends Controller
    public function error($msg, $code = 400, $extra = [], $headers = [])
    {
        $res = [
-			"msg" => $msg,
-			"code" => $code
+            'msg' => $msg,
+            'code' => $code,
        ];
+
        return response()->json(array_merge($res, $extra), $code, $headers, JSON_UNESCAPED_SLASHES);
    }

@ -91,19 +88,19 @@ class ApiV1Dot1Controller extends Controller
            'copyright',
            'impersonation',
            'scam',
-			'terrorism'
+            'terrorism',
        ];

        if (! $report_type || ! $object_id || ! $object_type) {
-			return $this->error("Invalid or missing parameters", 400, ["error_code" => "ERROR_INVALID_PARAMS"]);
+            return $this->error('Invalid or missing parameters', 400, ['error_code' => 'ERROR_INVALID_PARAMS']);
        }

        if (! in_array($report_type, $types)) {
-			return $this->error("Invalid report type", 400, ["error_code" => "ERROR_TYPE_INVALID"]);
+            return $this->error('Invalid report type', 400, ['error_code' => 'ERROR_TYPE_INVALID']);
        }

-		if ($object_type === "user" && $object_id == $user->profile_id) {
-			return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
+        if ($object_type === 'user' && $object_id == $user->profile_id) {
+            return $this->error('Cannot self report', 400, ['error_code' => 'ERROR_NO_SELF_REPORTS']);
        }

        $rpid = null;
@ -112,7 +109,7 @@ class ApiV1Dot1Controller extends Controller
            case 'post':
                $object = Status::find($object_id);
                if (! $object) {
-					return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
+                    return $this->error('Invalid object id', 400, ['error_code' => 'ERROR_INVALID_OBJECT_ID']);
                }
                $object_type = 'App\Status';
                $exists = Report::whereUserId($user->id)
@ -126,7 +123,7 @@ class ApiV1Dot1Controller extends Controller
            case 'user':
                $object = Profile::find($object_id);
                if (! $object) {
-					return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
+                    return $this->error('Invalid object id', 400, ['error_code' => 'ERROR_INVALID_OBJECT_ID']);
                }
                $object_type = 'App\Profile';
                $exists = Report::whereUserId($user->id)
@ -137,16 +134,16 @@ class ApiV1Dot1Controller extends Controller
                break;

            default:
-				return $this->error("Invalid report type", 400, ["error_code" => "ERROR_REPORT_OBJECT_TYPE_INVALID"]);
+                return $this->error('Invalid report type', 400, ['error_code' => 'ERROR_REPORT_OBJECT_TYPE_INVALID']);
                break;
        }

        if ($exists !== 0) {
-			return $this->error("Duplicate report", 400, ["error_code" => "ERROR_REPORT_DUPLICATE"]);
+            return $this->error('Duplicate report', 400, ['error_code' => 'ERROR_REPORT_DUPLICATE']);
        }

        if ($object->profile_id == $user->profile_id) {
-			return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
+            return $this->error('Cannot self report', 400, ['error_code' => 'ERROR_NO_SELF_REPORTS']);
        }

        $report = new Report;
@ -163,9 +160,10 @@ class ApiV1Dot1Controller extends Controller
        }

        $res = [
-			"msg" => "Successfully sent report",
-			"code" => 200
+            'msg' => 'Successfully sent report',
+            'code' => 200,
        ];
+
        return $this->json($res);
    }

@ -270,9 +268,9 @@ class ApiV1Dot1Controller extends Controller
        $this->validate($request, [
            'current_password' => 'bail|required|current_password',
            'new_password' => 'required|min:'.config('pixelfed.min_password_length', 8),
-			'confirm_password' => 'required|same:new_password'
+            'confirm_password' => 'required|same:new_password',
        ], [
-			'current_password' => 'The password you entered is incorrect'
+            'current_password' => 'The password you entered is incorrect',
        ]);

        $user->password = bcrypt($request->input('new_password'));
@ -320,6 +318,7 @@ class ApiV1Dot1Controller extends Controller
            ->get()
            ->map(function ($item) use ($agent, $currentIp) {
                $agent->setUserAgent($item->user_agent);
+
                return [
                    'id' => $item->id,
                    'action' => $item->action,
@ -329,7 +328,7 @@ class ApiV1Dot1Controller extends Controller
                    'device' => $agent->device(),
                    'browser' => $agent->browser(),
                    'platform' => $agent->platform(),
-					'created_at' => $item->created_at->format('c')
+                    'created_at' => $item->created_at->format('c'),
                ];
            });

@ -355,8 +354,9 @@ class ApiV1Dot1Controller extends Controller

        $res = [
            'active' => (bool) $user->{'2fa_enabled'},
-			'setup_at' => $user->{'2fa_setup_at'}
+            'setup_at' => $user->{'2fa_setup_at'},
        ];
+
        return $this->json($res);
    }

@ -388,7 +388,7 @@ class ApiV1Dot1Controller extends Controller
                    'subject' => 'Confirm Email',
                    'to_address' => $user->email,
                    'from_address' => $from,
-					'created_at' => str_replace('@', 'at', $mail->created_at->format('M j, Y @ g:i:s A'))
+                    'created_at' => str_replace('@', 'at', $mail->created_at->format('M j, Y @ g:i:s A')),
                ];
            })
            ->toArray();
@ -405,7 +405,7 @@ class ApiV1Dot1Controller extends Controller
                    'subject' => 'Reset Password Notification',
                    'to_address' => $user->email,
                    'from_address' => $from,
-					'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
+                    'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A')),
                ];
            })
            ->toArray();
@ -422,7 +422,7 @@ class ApiV1Dot1Controller extends Controller
                    'subject' => 'Password Change',
                    'to_address' => $user->email,
                    'from_address' => $from,
-					'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
+                    'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A')),
                ];
            })
            ->toArray();
@ -462,7 +462,7 @@ class ApiV1Dot1Controller extends Controller
                'scopes' => $token->scopes,
                'revoked' => $token->revoked,
                'created_at' => str_replace('@', 'at', now()->parse($token->created_at)->format('M j, Y @ g:i:s A')),
-				'expires_at' => str_replace('@', 'at', now()->parse($token->expires_at)->format('M j, Y @ g:i:s A'))
+                'expires_at' => str_replace('@', 'at', now()->parse($token->expires_at)->format('M j, Y @ g:i:s A')),
            ];
        });

@ -487,7 +487,8 @@ class ApiV1Dot1Controller extends Controller
            abort_if(BouncerService::checkIp($request->ip()), 404);
        }

-		$rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800));
+        $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {
+        }, config('pixelfed.app_registration_rate_limit_decay', 1800));
        abort_if(! $rl, 400, 'Too many requests');

        $this->validate($request, [
@ -575,7 +576,7 @@ class ApiV1Dot1Controller extends Controller
        $params = http_build_query([
            'ut' => $user->app_register_token,
            'rt' => $rtoken,
-			'ea' => base64_encode($user->email)
+            'ea' => base64_encode($user->email),
        ]);
        $appUrl = url('/api/v1.1/auth/iarer?'.$params);

@ -591,7 +592,7 @@ class ApiV1Dot1Controller extends Controller
        $this->validate($request, [
            'ut' => 'required',
            'rt' => 'required',
-			'ea' => 'required'
+            'ea' => 'required',
        ]);
        $ut = $request->input('ut');
        $rt = $request->input('rt');
@ -600,9 +601,10 @@ class ApiV1Dot1Controller extends Controller
            'ut' => $ut,
            'rt' => $rt,
            'domain' => config('pixelfed.domain.app'),
-			'ea' => $ea
+            'ea' => $ea,
        ]);
        $url = 'pixelfed://confirm-account/'.$ut.'?'.$params;
+
        return redirect()->away($url);
    }

@ -616,13 +618,14 @@ class ApiV1Dot1Controller extends Controller
            abort_if(BouncerService::checkIp($request->ip()), 404);
        }

-		$rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
+        $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {
+        }, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
        abort_if(! $rl, 429, 'Too many requests');

-		$this->validate($request, [
+        $request->validate([
            'user_token' => 'required',
            'random_token' => 'required',
-			'email' => 'required'
+            'email' => 'required',
        ]);

        $verify = EmailVerification::whereEmail($request->input('email'))
@ -636,6 +639,7 @@ class ApiV1Dot1Controller extends Controller

        if ($verify->created_at->lt(now()->subHours(24))) {
            $verify->delete();
+
            return response()->json(['error' => 'Invalid tokens'], 403);
        }

@ -644,10 +648,10 @@ class ApiV1Dot1Controller extends Controller
        $user->last_active_at = now();
        $user->save();

-		$token = $user->createToken('Pixelfed');
+        $token = $user->createToken('Pixelfed', ['read', 'write', 'follow', 'admin:read', 'admin:write', 'push']);

        return response()->json([
-			'access_token' => $token->accessToken
+            'access_token' => $token->accessToken,
        ]);
    }

@ -760,14 +764,13 @@ class ApiV1Dot1Controller extends Controller
            ->values();

        return [
-			'place' =>
-			[
+            'place' => [
                'id' => $place->id,
                'name' => $place->name,
                'slug' => $place->slug,
                'country' => $place->country,
                'lat' => $place->lat,
-				'long' => $place->long
+                'long' => $place->long,
            ],
            'posts' => $posts];
    }
@ -783,7 +786,7 @@ class ApiV1Dot1Controller extends Controller
        }

        $this->validate($request, [
-			'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete'
+            'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete',
        ]);

        $action = $request->input('action');
@ -803,7 +806,7 @@ class ApiV1Dot1Controller extends Controller
            $status->profile->update([
                'unlisted' => true,
                'cw' => true,
-				'no_autolink' => true
+                'no_autolink' => true,
            ]);

            Status::whereProfileId($status->profile_id)
@ -872,6 +875,7 @@ class ApiV1Dot1Controller extends Controller
            StatusService::del($status->id, true);
            Cache::forget('profile:status_count:'.$status->profile_id);
            $status->uri ? RemoteStatusDelete::dispatch($status) : StatusDelete::dispatch($status);
+
            return [];
        }

@ -887,11 +891,12 @@ class ApiV1Dot1Controller extends Controller

        $uid = $request->user()->id;
        $settings = UserSetting::firstOrCreate([
-            'user_id' => $uid
+            'user_id' => $uid,
        ]);
        if (! $settings->other) {
            return [];
        }
+
        return $settings->other;
    }

@ -902,12 +907,12 @@ class ApiV1Dot1Controller extends Controller

        $this->validate($request, [
            'field' => 'required|in:enable_reblogs,hide_reblog_banner',
-            'value' => 'required'
+            'value' => 'required',
        ]);
        $field = $request->input('field');
        $value = $request->input('value');
        $settings = UserSetting::firstOrCreate([
-            'user_id' => $request->user()->id
+            'user_id' => $request->user()->id,
        ]);
        if (! $settings->other) {
            $other = [];
@ -927,7 +932,9 @@ class ApiV1Dot1Controller extends Controller
        abort_unless($request->user()->tokenCan('follows'), 403);

        $account = AccountService::get($id, true);
-        if(!$account || !isset($account['id'])) { return []; }
+        if (! $account || ! isset($account['id'])) {
+            return [];
+        }
        $res = collect(FollowerService::mutualAccounts($request->user()->profile_id, $id))
            ->map(function ($accountId) {
                return AccountService::get($accountId, true);
@ -935,6 +942,7 @@ class ApiV1Dot1Controller extends Controller
            ->filter()
            ->take(24)
            ->values();
+
        return $this->json($res);
    }
 }