Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/accounts_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/activitypub/collections_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/activitypub/outboxes_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/admin/accounts_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/api/v1/polls_controller.rb | 17 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/concerns/account_controller_concern.rb | 1 | ||||
-rw-r--r-- | app/controllers/custom_css_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/emojis_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/follower_accounts_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/following_accounts_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/stream_entries_controller.rb | 14 |
13 files changed, 26 insertions, 49 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index fcdebb47f..051b6ecbd 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -47,8 +47,6 @@ class AccountsController < ApplicationController end format.json do - mark_cacheable! - render_cached_json(['activitypub', 'actor', @account], content_type: 'application/activity+json') do ActiveModelSerializers::SerializableResource.new(@account, serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter) end
diff --git a/app/controllers/activitypub/collections_controller.rb b/app/controllers/activitypub/collections_controller.rb
index 853f4f907..012c3c538 100644
--- a/app/controllers/activitypub/collections_controller.rb
+++ b/app/controllers/activitypub/collections_controller.rb
@@ -9,8 +9,6 @@ class ActivityPub::CollectionsController < Api::BaseController before_action :set_cache_headers def show - skip_session! - render_cached_json(['activitypub', 'collection', @account, params[:id]], content_type: 'application/activity+json') do ActiveModelSerializers::SerializableResource.new( collection_presenter,
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 438fa226e..5147afbf7 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -10,10 +10,7 @@ class ActivityPub::OutboxesController < Api::BaseController before_action :set_cache_headers def show - unless page_requested? - skip_session! - expires_in 1.minute, public: true - end + expires_in 1.minute, public: true unless page_requested? render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' end
diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index e7795e95c..b0d45ce47 100644
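Review bot: In `ActivityPub::OutboxesController#show` the response is still marked shared-cacheable by `expires_in 1.minute, public: true unless page_requested?`, but the `skip_session!` that kept the session out of it is gone, so nothing visible here prevents a `Set-Cookie` header from being stored by a shared cache and replayed to other clients. The same pattern recurs in the hunks for `mark_cacheable!` in application_controller.rb, `check_account_suspension`, the follower and following JSON branches, the statuses html and embed actions, and both stream_entries branches; in the statuses html branch the gate itself calls `current_account`, which presumably loads the session. If cookie suppression now happens elsewhere (middleware or the reverse proxy), record that next to the call, for example `# public: no session cookie may be emitted here; stripped by <component>`. A request spec asserting that these responses carry no `Set-Cookie` header would keep the invariant from regressing.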
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -48,13 +48,13 @@ module Admin def approve authorize @account.user, :approve? @account.user.approve! - redirect_to admin_accounts_path(pending: '1') + redirect_to admin_pending_accounts_path end def reject authorize @account.user, :reject? SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true) - redirect_to admin_accounts_path(pending: '1') + redirect_to admin_pending_accounts_path end def unsilence
diff --git a/app/controllers/api/v1/polls_controller.rb b/app/controllers/api/v1/polls_controller.rb
index 4f4a6858d..031e6d42d 100644
--- a/app/controllers/api/v1/polls_controller.rb
+++ b/app/controllers/api/v1/polls_controller.rb
@@ -1,13 +1,28 @@ # frozen_string_literal: true class Api::V1::PollsController < Api::BaseController + include Authorization + before_action -> { authorize_if_got_token! :read, :'read:statuses' }, only: :show + before_action :set_poll + before_action :refresh_poll respond_to :json def show + render json: @poll, serializer: REST::PollSerializer, include_results: true + end + + private + + def set_poll @poll = Poll.attached.find(params[:id]) + authorize @poll.status, :show? + rescue Mastodon::NotPermittedError + raise ActiveRecord::RecordNotFound + end + + def refresh_poll ActivityPub::FetchRemotePollService.new.call(@poll, current_account) if user_signed_in? && @poll.possibly_stale? - render json: @poll, serializer: REST::PollSerializer, include_results: true end end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5401b9d59..333082f68 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
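Review bot: In polls_controller.rb, `set_poll` converts `Mastodon::NotPermittedError` into `ActiveRecord::RecordNotFound` without saying why, and the safety of `refresh_poll` depends on it running after `set_poll`; both deserve a comment. Above `set_poll` I would add `# Report unauthorized polls as missing so a private poll id cannot be told apart from a nonexistent one`, and above the callbacks `# Order matters: set_poll authorizes before refresh_poll may trigger a remote fetch`. The method-level `rescue` also wraps `Poll.attached.find`, which is harmless here because only `NotPermittedError` is caught. A request spec covering an unauthenticated caller against a poll on a non-public status would pin the not-found behaviour.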
@@ -228,11 +228,6 @@ class ApplicationController < ActionController::Base end def mark_cacheable! - skip_session! expires_in 0, public: true end - - def skip_session! - request.session_options[:skip] = true - end end
diff --git a/app/controllers/concerns/account_controller_concern.rb b/app/controllers/concerns/account_controller_concern.rb
index 4f28941ae..1c422096c 100644
--- a/app/controllers/concerns/account_controller_concern.rb
+++ b/app/controllers/concerns/account_controller_concern.rb
@@ -70,7 +70,6 @@ module AccountControllerConcern def check_account_suspension if @account.suspended? - skip_session! expires_in(3.minutes, public: true) gone end
diff --git a/app/controllers/custom_css_controller.rb b/app/controllers/custom_css_controller.rb
index 31e501609..be768c089 100644
--- a/app/controllers/custom_css_controller.rb
+++ b/app/controllers/custom_css_controller.rb
@@ -4,7 +4,6 @@ class CustomCssController < ApplicationController before_action :set_cache_headers def show - skip_session! render plain: Setting.custom_css || '', content_type: 'text/css' end end
diff --git a/app/controllers/emojis_controller.rb b/app/controllers/emojis_controller.rb
index 5d306e600..3feb08132 100644
--- a/app/controllers/emojis_controller.rb
+++ b/app/controllers/emojis_controller.rb
@@ -7,8 +7,6 @@ class EmojisController < ApplicationController def show respond_to do |format| format.json do - skip_session! - render_cached_json(['activitypub', 'emoji', @emoji], content_type: 'application/activity+json') do ActiveModelSerializers::SerializableResource.new(@emoji, serializer: ActivityPub::EmojiSerializer, adapter: ActivityPub::Adapter) end
diff --git a/app/controllers/follower_accounts_controller.rb b/app/controllers/follower_accounts_controller.rb
index 1462b94fc..fab9c8462 100644
--- a/app/controllers/follower_accounts_controller.rb
+++ b/app/controllers/follower_accounts_controller.rb
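Review bot: In application_controller.rb, `mark_cacheable!` is left as an undocumented one-liner, `expires_in 0, public: true`, and the two callers visible in this diff (accounts_controller.rb and statuses_controller.rb) are both removed, so it may now be dead code. If callers remain outside the hunks shown, add a comment stating what the method promises, for example `# Marks the response as storable by shared caches but immediately stale; callers must not emit per-user data or cookies`; otherwise the method can be dropped. The enclosing class starts outside the hunk, so other uses cannot be ruled out from here.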
@@ -20,10 +20,7 @@ class FollowerAccountsController < ApplicationController format.json do raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network? - if params[:page].blank? - skip_session! - expires_in 3.minutes, public: true - end + expires_in 3.minutes, public: true if params[:page].blank? render json: collection_presenter, serializer: ActivityPub::CollectionSerializer,
diff --git a/app/controllers/following_accounts_controller.rb b/app/controllers/following_accounts_controller.rb
index 181f85221..272116040 100644
--- a/app/controllers/following_accounts_controller.rb
+++ b/app/controllers/following_accounts_controller.rb
@@ -20,10 +20,7 @@ class FollowingAccountsController < ApplicationController format.json do raise Mastodon::NotPermittedError if params[:page].present? && @account.user_hides_network? - if params[:page].blank? - skip_session! - expires_in 3.minutes, public: true - end + expires_in 3.minutes, public: true if params[:page].blank? render json: collection_presenter, serializer: ActivityPub::CollectionSerializer,
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 28eebda28..66ba260aa 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -29,10 +29,7 @@ class StatusesController < ApplicationController format.html do use_pack 'public' - unless user_signed_in? - skip_session! - expires_in 10.seconds, public: true - end + expires_in 10.seconds, public: true if current_account.nil? @body_classes = 'with-modals'
@@ -43,8 +40,6 @@ class StatusesController < ApplicationController end format.json do - mark_cacheable! unless @stream_entry.hidden? - render_cached_json(['activitypub', 'note', @status], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter) end
@@ -53,8 +48,6 @@ class StatusesController < ApplicationController end def activity - skip_session! - render_cached_json(['activitypub', 'activity', @status], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter) end
@@ -64,7 +57,6 @@ class StatusesController < ApplicationController use_pack 'embed' raise ActiveRecord::RecordNotFound if @status.hidden? - skip_session! expires_in 180, public: true response.headers['X-Frame-Options'] = 'ALLOWALL' @autoplay = ActiveModel::Type::Boolean.new.cast(params[:autoplay])
@@ -73,8 +65,6 @@ class StatusesController < ApplicationController end def replies - skip_session! - render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter,
diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb
index 1e16c5157..1ee85592c 100644
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -17,19 +17,13 @@ class StreamEntriesController < ApplicationController format.html do use_pack 'public' - unless user_signed_in? - skip_session! - expires_in 5.minutes, public: true - end + expires_in 5.minutes, public: true unless @stream_entry.hidden? - redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) if @type == 'status' + redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) end format.atom do - unless @stream_entry.hidden? - skip_session! - expires_in 3.minutes, public: true - end + expires_in 3.minutes, public: true unless @stream_entry.hidden? render xml: OStatus::AtomSerializer.render(OStatus::AtomSerializer.new.entry(@stream_entry, true)) end
@@ -57,7 +51,7 @@ class StreamEntriesController < ApplicationController def set_stream_entry @stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id]) - @type = @stream_entry.activity_type.downcase + @type = 'status' raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil? authorize @stream_entry.activity, :show? if @stream_entry.hidden? || @stream_entry.local_only? |