author | Matt Jankowski <mjankowski@thoughtbot.com> | 2017-06-07 14:09:25 -0400 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-06-07 20:09:25 +0200 |
commit | 73540ffe6b03cf27dd7738ebd157573488f376cf (patch) | |
tree | a8b37da451a087ae4c265de5cd7135b4a45c7119 /app/controllers/api/base_controller.rb | |
parent | 92bb16624632beb490bb84a51b9a868d4b71eb6a (diff) |
Clean up for api/base controller (#3629)
* Move ApiController to Api/BaseController * API controllers inherit from Api::BaseController * Add coverage for various error cases in api/base controller
Diffstat (limited to 'app/controllers/api/base_controller.rb')
-rw-r--r-- | app/controllers/api/base_controller.rb | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
new file mode 100644
index 000000000..c1b2ec3cf
--- /dev/null
+++ b/app/controllers/api/base_controller.rb
@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+class Api::BaseController < ApplicationController
+ DEFAULT_STATUSES_LIMIT = 20
+ DEFAULT_ACCOUNTS_LIMIT = 40
+
+ include RateLimitHeaders
+
+ skip_before_action :verify_authenticity_token
+ skip_before_action :store_current_location
+
+ rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
+ render json: { error: e.to_s }, status: 422
+ end
+
+ rescue_from ActiveRecord::RecordNotFound do
+ render json: { error: 'Record not found' }, status: 404
+ end
+
+ rescue_from Goldfinger::Error do
+ render json: { error: 'Remote account could not be resolved' }, status: 422
+ end
+
+ rescue_from HTTP::Error do
+ render json: { error: 'Remote data could not be fetched' }, status: 503
+ end
+
+ rescue_from OpenSSL::SSL::SSLError do
+ render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
+ end
+
+ rescue_from Mastodon::NotPermittedError do
+ render json: { error: 'This action is not allowed' }, status: 403
+ end
+
+ def doorkeeper_unauthorized_render_options(error: nil)
+ { json: { error: (error.try(:description) || 'Not authorized') } }
+ end
+
+ def doorkeeper_forbidden_render_options(*)
+ { json: { error: 'This action is outside the authorized scopes' } }
+ end
+
+ protected
+
+ def set_pagination_headers(next_path = nil, prev_path = nil)
+ links = []
+ links << [next_path, [%w(rel next)]] if next_path
+ links << [prev_path, [%w(rel prev)]] if prev_path
+ response.headers['Link'] = LinkHeader.new(links)
+ end
+
+ def limit_param(default_limit)
+ return default_limit unless params[:limit]
+ [params[:limit].to_i.abs, default_limit * 2].min
+ end
+
+ def current_resource_owner
+ @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+ end
+
+ def current_user
+ current_resource_owner || super
+ rescue ActiveRecord::RecordNotFound
+ nil
+ end
+
+ def require_user!
+ current_resource_owner
+ set_user_activity
+ rescue ActiveRecord::RecordNotFound
+ render json: { error: 'This method requires an authenticated user' }, status: 422
+ end
+
+ def render_empty
+ render json: {}, status: 200
+ end
+
+ def set_maps(statuses) # rubocop:disable Style/AccessorMethodName
+ if current_account.nil?
+ @reblogs_map = {}
+ @favourites_map = {}
+ @mutes_map = {}
+ return
+ end
+
+ status_ids = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq
+ conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq
+ @reblogs_map = Status.reblogs_map(status_ids, current_account)
+ @favourites_map = Status.favourites_map(status_ids, current_account)
+ @mutes_map = Status.mutes_map(conversation_ids, current_account)
+ end
+end |
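Review bot: `require_user!` only renders its error when `User.find` raises, so a request that carries no Doorkeeper token is not rejected by this filter: `current_resource_owner` returns nil because of the `if doorkeeper_token` modifier, no `ActiveRecord::RecordNotFound` is raised, and execution falls through to `set_user_activity` without rendering. Unless every controller that uses this filter also calls `doorkeeper_authorize!` (not visible in this diff), the action would then run without an authenticated user. An explicit guard as the first line of the method would make the filter self-sufficient while keeping the existing rescue: `return render(json: { error: 'This method requires an authenticated user' }, status: 422) unless current_resource_owner`. Because `verify_authenticity_token` is skipped for the whole class and `current_user` falls back to `super`, a comment stating whether session-cookie authentication is meant to be accepted on these endpoints would also help future reviewers.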