Update BaseApiController

Daniel Supernault 2019-09-20 22:27:00 -06:00
parent 5c327a0ae2
commit 9886ec5954
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7


@ -40,13 +40,15 @@ class BaseApiController extends Controller
public function __construct()
{
$this->middleware('auth');
// $this->middleware('auth');
$this->fractal = new Fractal\Manager();
$this->fractal->setSerializer(new ArraySerializer());
}
public function notifications(Request $request)
{
abort_if(!$request->user(), 403);
$pid = Auth::user()->profile->id;
$pg = $request->input('pg');
if($pg == true) {
@ -74,6 +76,7 @@ class BaseApiController extends Controller
public function accounts(Request $request, $id)
{
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id);
$resource = new Fractal\Resource\Item($profile, new AccountTransformer());
$res = $this->fractal->createData($resource)->toArray();
@ -83,6 +86,7 @@ class BaseApiController extends Controller
public function accountFollowers(Request $request, $id)
{
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id);
$followers = $profile->followers;
$resource = new Fractal\Resource\Collection($followers, new AccountTransformer());
@ -93,6 +97,7 @@ class BaseApiController extends Controller
public function accountFollowing(Request $request, $id)
{
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id);
$following = $profile->following;
$resource = new Fractal\Resource\Collection($following, new AccountTransformer());
@ -103,6 +108,7 @@ class BaseApiController extends Controller
public function accountStatuses(Request $request, $id)
{
abort_if(!$request->user(), 403);
$this->validate($request, [
'only_media' => 'nullable',
'pinned' => 'nullable',
@ -152,6 +158,7 @@ class BaseApiController extends Controller
public function avatarUpdate(Request $request)
{
abort_if(!$request->user(), 403);
$this->validate($request, [
'upload' => 'required|mimes:jpeg,png,gif|max:'.config('pixelfed.max_avatar_size'),
]);
@ -188,6 +195,7 @@ class BaseApiController extends Controller
public function showTempMedia(Request $request, int $profileId, $mediaId)
{
abort_if(!$request->user(), 403);
abort_if(!$request->hasValidSignature(), 404);
abort_if(Auth::user()->profile_id !== $profileId, 404);
$media = Media::whereProfileId(Auth::user()->profile_id)->findOrFail($mediaId);
@ -197,6 +205,7 @@ class BaseApiController extends Controller
public function uploadMedia(Request $request)
{
abort_if(!$request->user(), 403);
$this->validate($request, [
'file.*' => function() {
return [
@ -278,6 +287,7 @@ class BaseApiController extends Controller
public function deleteMedia(Request $request)
{
abort_if(!$request->user(), 403);
$this->validate($request, [
'id' => 'required|integer|min:1|exists:media,id'
]);
@ -299,6 +309,7 @@ class BaseApiController extends Controller
public function verifyCredentials(Request $request)
{
abort_if(!$request->user(), 403);
$id = Auth::id();
$res = Cache::remember('user:account:id:'.$id, now()->addHours(6), function() use($id) {
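Review bot: Commenting out `$this->middleware('auth')` in the constructor makes this controller fail open, because every action is now unauthenticated unless it carries its own `abort_if(!$request->user(), 403);`. The hunks appear to add that guard to ten actions (`notifications` through `verifyCredentials`), but the rest of the class is not visible here, so confirm that no other action, and no action added later, is left reachable anonymously. If the aim is to open only specific endpoints, keeping the middleware and listing the exceptions is the safer default: `$this->middleware('auth')->except([/* public actions */]);`. The per-method guard also answers with 403, where the `auth` middleware would normally produce an unauthenticated response, so API clients may see a different status than before. The commented-out line should be deleted rather than kept; the bodies of these methods continue outside the hunks.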