5 files changed, 97 insertions, 1 deletions

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 8eda96336..d79ed142a 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -15,7 +15,9 @@ class AccountsController < ApplicationController
         render xml: AtomSerializer.render(AtomSerializer.new.feed(@account, @entries.to_a))
       end
 
-      format.activitystreams2
+      format.activitystreams2 do
+        headers['Access-Control-Allow-Origin'] = '*'
+      end
     end
   end
 
diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb
new file mode 100644
index 000000000..03f27c7f6
--- /dev/null
+++ b/app/controllers/api/activitypub/activities_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class Api::Activitypub::ActivitiesController < ApiController
+  # before_action :set_follow, only: [:show_follow]
+  before_action :set_status, only: [:show_status]
+
+  respond_to :activitystreams2
+
+  # Show a status in AS2 format, as either an Announce (reblog) or a Create (post) activity.
+  def show_status
+    headers['Access-Control-Allow-Origin'] = '*'
+
+    return forbidden unless @status.permitted?
+
+    if @status.reblog?
+      render :show_status_announce
+    else
+      render :show_status_create
+    end
+  end
+
+  private
+
+  def set_status
+    @status = Status.find(params[:id])
+  end
+end
diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb
new file mode 100644
index 000000000..722961ec6
--- /dev/null
+++ b/app/controllers/api/activitypub/notes_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Api::Activitypub::NotesController < ApiController
+  before_action :set_status
+
+  respond_to :activitystreams2
+
+  def show
+    headers['Access-Control-Allow-Origin'] = '*'
+
+    forbidden unless @status.permitted?
+  end
+
+  private
+
+  def set_status
+    @status = Status.find(params[:id])
+  end
+end
diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb
new file mode 100644
index 000000000..05d779910
--- /dev/null
+++ b/app/controllers/api/activitypub/outbox_controller.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class Api::Activitypub::OutboxController < ApiController
+  before_action :set_account
+
+  respond_to :activitystreams2
+
+  def show
+    headers['Access-Control-Allow-Origin'] = '*'
+
+    @statuses = Status.as_outbox_timeline(@account).paginate_by_max_id(limit_param(DEFAULT_STATUSES_LIMIT), params[:max_id], params[:since_id])
+    @statuses = cache_collection(@statuses)
+
+    set_maps(@statuses)
+
+    # Since the statuses are in reverse chronological order, last is the lowest ID.
+    @next_path = api_activitypub_outbox_url(max_id: @statuses.last.id) if @statuses.size == limit_param(DEFAULT_STATUSES_LIMIT)
+
+    unless @statuses.empty?
+      if @statuses.first.id == 1
+        @prev_path = api_activitypub_outbox_url
+      elsif params[:max_id]
+        @prev_path = api_activitypub_outbox_url(since_id: @statuses.first.id)
+      end
+    end
+
+    @paginated = @next_path || @prev_path
+
+    set_pagination_headers(@next_path, @prev_path)
+  end
+
+  private
+
+  def cache_collection(raw)
+    super(raw, Status)
+  end
+
+  def set_account
+    @account = Account.find(params[:id])
+  end
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 92755bcd3..ad2be71ee 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -62,6 +62,13 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def forbidden
+    respond_to do |format|
+      format.any  { head 403 }
+      format.html { render 'errors/403', layout: 'error', status: 403 }
+    end
+  end
+
   def unprocessable_entity
     respond_to do |format|
       format.any  { head 422 }