diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index 3cc31514e..fbb5328ac 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -78,6 +78,56 @@ class ApiV1Controller extends Controller
 return response()->json($res);
 }
+ public function accountUpdateCredentials(Request, $request)
+ {
+ abort_if(!$request->user(), 403);
+
+ $this->validate($request, [
+ 'display_name' => 'nullable|string',
+ 'note' => 'nullable|string',
+ 'locked' => 'nullable|boolean',
+ // 'source.privacy' => 'nullable|in:unlisted,public,private',
+ // 'source.sensitive' => 'nullable|boolean'
+ ]);
+
+ $user = $request->user();
+ $profile = $user->profile;
+
+ $displayName = $request->input('display_name');
+ $note = $request->input('note');
+ $locked = $request->input('locked');
+ // $privacy = $request->input('source.privacy');
+ // $sensitive = $request->input('source.sensitive');
+
+ $changes = false;
+
+ if($displayName !== $user->name) {
+ $user->name = $displayName;
+ $profile->name = $displayName;
+ $changes = true;
+ }
+
+ if($note !== $profile->bio) {
+ $profile->bio = e($note);
+ $changes = true;
+ }
+
+ if(!is_null($locked)) {
+ $profile->is_private = $locked;
+ $changes = true;
+ }
+
+ if($changes) {
+ $user->save();
+ $profile->save()
+ }
+
+ $resource = new Fractal\Resource\Item($profile, new AccountTransformer());
+ $res = $this->fractal->createData($resource)->toArray();
+
+ return response()->json($res);
+ }
+
 public function statusById(Request $request, $id)
 {
 $status = Status::whereVisibility('public')->findOrFail($id);
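Review bot: `accountUpdateCredentials` has two syntax errors that would stop the controller from parsing: the signature reads `(Request, $request)` and `$profile->save()` has no terminating semicolon; they should be `public function accountUpdateCredentials(Request $request)` and `$profile->save();`. Separately, `display_name` and `note` are validated as nullable, so a PATCH that sends only `locked` reads both as null, finds them different from the stored values, and overwrites the name and bio; guarding each branch with `$request->has('display_name')` (and the same for `note`) avoids that. The bio is stored through `e($note)` while the name is stored raw, so the `$note !== $profile->bio` comparison keeps firing for any bio that contains escaped characters, and whichever view prints these fields has to know which one is already encoded; storing raw and escaping on output would be more consistent. Neither string rule sets a `max:` length.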
@@ -125,4 +175,22 @@ class ApiV1Controller extends Controller
 return response()->json($res);
 }
+
+ public function createStatus(Request $request)
+ {
+ abort_if(!$request->user(), 403);
+
+ $this->validate($request, [
+ 'status' => 'string',
+ 'media_ids' => 'array',
+ 'media_ids.*' => 'integer|min:1',
+ 'sensitive' => 'nullable|boolean',
+ 'visibility' => 'string|in:private,unlisted,public',
+ 'in_reply_to_id' => 'integer'
+ ]);
+
+ if(!$request->filled('media_ids') && !$request->filled('in_reply_to_id')) {
+ abort(403, 'Empty statuses are not allowed');
+ }
+ }
 }
\ No newline at end of file
diff --git a/routes/web.php b/routes/web.php
index 5f8d730fe..fc881e047 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -78,6 +78,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 Route::group(['prefix' => 'v1'], function () {
 Route::get('accounts/verify_credentials', 'ApiController@verifyCredentials')->middleware('auth:api');
+ Route::patch('accounts/update_credentials', 'Api\ApiV1Controller@accountUpdateCredentials')->middleware('auth:api');
 Route::get('accounts/relationships', 'PublicApiController@relationships')->middleware('auth:api');
 Route::get('accounts/{id}/statuses', 'PublicApiController@accountStatuses')->middleware('auth:api');
 Route::get('accounts/{id}/following', 'PublicApiController@accountFollowing')->middleware('auth:api');
@@ -91,6 +92,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 Route::get('notifications', 'ApiController@notifications')->middleware('auth:api');
 Route::get('timelines/public', 'PublicApiController@publicTimelineApi');
 Route::get('timelines/home', 'PublicApiController@homeTimelineApi')->middleware('auth:api');
+ Route::post('status', 'Api\ApiV1Controller@createStatus')->middleware('auth:api');
 });
 Route::group(['prefix' => 'v2'], function() {
 Route::get('config', 'ApiController@siteConfiguration');
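Review bot: `createStatus` in ApiV1Controller.php ends after validation without creating anything or returning a response, yet the route added in routes/web.php makes it reachable; a request that passes the checks gets an empty success response, so either finish the handler or return an explicit not-implemented status until it is. The emptiness check looks only at `media_ids` and `in_reply_to_id`, so a request carrying only `status` text is rejected as empty (confirm that is intended), and a rejection of this kind is normally a 422, e.g. `abort(422, 'Empty statuses are not allowed');`, rather than a 403. `media_ids.*` and `in_reply_to_id` are checked only as integers here; when the body is written, each media id should be verified to belong to `$request->user()` and the reply target to be visible to that user before either is used.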
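Review bot: The `Route::patch('accounts/update_credentials', …)` line in the first routes/web.php hunk is the first state-changing route visible in this v1 group, and it is registered in the web routes file. If that file is loaded with Laravel's default `web` middleware group, CSRF verification applies to it: a bearer-token client without a CSRF token would be rejected, while exempting the path would leave any cookie-authenticated request unprotected, so confirm which behaviour is intended. The same applies to the `Route::post('status', …)` line added in the following hunk. No throttle is visible on either line (the enclosing group's middleware list is cut off in the hunk header), so consider listing a `throttle` middleware next to `auth:api` if the group does not already apply one.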