diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api/v1/accounts_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/api/v1/follows_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/v1/media_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/api_controller.rb | 22 | ||||
-rw-r--r-- | app/controllers/home_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/oauth/authorizations_controller.rb | 9 |
7 files changed, 40 insertions, 5 deletions
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 2669315e2..bb3e54a89 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -1,5 +1,7 @@ class Api::V1::AccountsController < ApiController - before_action :doorkeeper_authorize! + before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock] + before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock] + before_action :set_account, except: [:verify_credentials, :suggestions] respond_to :json diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb index 739ac1fb1..9181cd077 100644 --- a/app/controllers/api/v1/follows_controller.rb +++ b/app/controllers/api/v1/follows_controller.rb @@ -1,5 +1,5 @@ class Api::V1::FollowsController < ApiController - before_action :doorkeeper_authorize! + before_action -> { doorkeeper_authorize! :follow } respond_to :json def create diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb index 7efe38bd8..dffc797fe 100644 --- a/app/controllers/api/v1/media_controller.rb +++ b/app/controllers/api/v1/media_controller.rb @@ -1,5 +1,5 @@ class Api::V1::MediaController < ApiController - before_action :doorkeeper_authorize! + before_action -> { doorkeeper_authorize! :write } respond_to :json def create diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index a7305233e..b02b7bb57 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -1,5 +1,7 @@ class Api::V1::StatusesController < ApiController - before_action :doorkeeper_authorize! + before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite] + before_action -> { doorkeeper_authorize! :write }, only: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite] + respond_to :json def show diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index e29892cbe..0776f4ce8 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,7 +1,10 @@ class ApiController < ApplicationController protect_from_forgery with: :null_session + skip_before_action :verify_authenticity_token + before_action :set_rate_limit_headers + rescue_from ActiveRecord::RecordInvalid do |e| render json: { error: e.to_s }, status: 422 end @@ -22,8 +25,27 @@ class ApiController < ApplicationController render json: { error: 'Remote SSL certificate could not be verified' }, status: 503 end + def doorkeeper_unauthorized_render_options(*) + { json: { error: 'Not authorized' } } + end + + def doorkeeper_forbidden_render_options(*) + { json: { error: 'This action is outside the authorized scopes' } } + end + protected + def set_rate_limit_headers + return if request.env['rack.attack.throttle_data'].nil? + + now = Time.now.utc + match_data = request.env['rack.attack.throttle_data']['api'] + + response.headers['X-RateLimit-Limit'] = match_data[:limit].to_s + response.headers['X-RateLimit-Remaining'] = (match_data[:limit] - match_data[:count]).to_s + response.headers['X-RateLimit-Reset'] = (now + (match_data[:period] - now.to_i % match_data[:period])).to_s + end + def current_resource_owner User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token end diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index 4e6b2a879..8ed88d074 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -15,6 +15,6 @@ class HomeController < ApplicationController end def find_or_create_access_token - Doorkeeper::AccessToken.find_or_create_for(Doorkeeper::Application.where(superapp: true).first, current_user.id, nil, Doorkeeper.configuration.access_token_expires_in, Doorkeeper.configuration.refresh_token_enabled?) + Doorkeeper::AccessToken.find_or_create_for(Doorkeeper::Application.where(superapp: true).first, current_user.id, 'read write follow', Doorkeeper.configuration.access_token_expires_in, Doorkeeper.configuration.refresh_token_enabled?) end end diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb new file mode 100644 index 000000000..f5f05814e --- /dev/null +++ b/app/controllers/oauth/authorizations_controller.rb @@ -0,0 +1,9 @@ +class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController + before_action :store_current_location + + private + + def store_current_location + store_location_for(:user, request.url) + end +end |