about summary refs log tree commit diff
path: root/app/controllers/api
AgeCommit message (Collapse)Author
2022-08-27Add admin API for managing IP blocks (#19065)Eugen Rochko
2022-08-25Add ability to filter individual posts (#18945)Claire
* Add database table for status-specific filters * Add REST endpoints, entities and attributes * Show status filters in /filters interface * Perform server-side filtering for individual posts filters * Fix filtering on context mismatch * Refactor `toServerSideType` by moving it to its own module * Move loupe and delete icons to their own module * Add ability to filter individual posts from WebUI * Replace keyword list by warnings (expired, context mismatch) * Refactor server-side filtering code * Add tests
2022-07-20Fix /api/v1/tags/:id route constraints (#18854)Claire
The constraint was applied prior to decoding, and rejected anything containing the '%' character, which would be used for anything with non-ASCII unicode characters.
2022-07-17Add ability to follow hashtags (#18809)Eugen Rochko
2022-07-13Change how hashtags are normalized (#18795)Eugen Rochko
* Change how hashtags are normalized * Fix tests
2022-07-05Add customizable user roles (#18641)Eugen Rochko
* Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
2022-06-28Revamp post filtering system (#18058)Claire
* Add model for custom filter keywords * Use CustomFilterKeyword internally Does not change the API * Fix /filters/edit and /filters/new * Add migration tests * Remove whole_word column from custom_filters (covered by custom_filter_keywords) * Redesign /filters Instead of a list, present a card that displays more information and handles multiple keywords per filter. * Redesign /filters/new and /filters/edit to add and remove keywords This adds a new gem dependency: cocoon, as well as a npm dependency: cocoon-js-vanilla. Those are used to easily populate and remove form fields from the user interface when manipulating multiple keyword filters at once. * Add /api/v2/filters to edit filter with multiple keywords Entities: - `Filter`: `id`, `title`, `filter_action` (either `hide` or `warn`), `context` `keywords` - `FilterKeyword`: `id`, `keyword`, `whole_word` API endpoits: - `GET /api/v2/filters` to list filters (including keywords) - `POST /api/v2/filters` to create a new filter `keywords_attributes` can also be passed to create keywords in one request - `GET /api/v2/filters/:id` to read a particular filter - `PUT /api/v2/filters/:id` to update a new filter `keywords_attributes` can also be passed to edit, delete or add keywords in one request - `DELETE /api/v2/filters/:id` to delete a particular filter - `GET /api/v2/filters/:id/keywords` to list keywords for a filter - `POST /api/v2/filters/:filter_id/keywords/:id` to add a new keyword to a filter - `GET /api/v2/filter_keywords/:id` to read a particular keyword - `PUT /api/v2/filter_keywords/:id` to edit a particular keyword - `DELETE /api/v2/filter_keywords/:id` to delete a particular keyword * Change from `irreversible` boolean to `action` enum * Remove irrelevent `irreversible_must_be_within_context` check * Fix /filters/new and /filters/edit with update for filter_action * Fix Rubocop/Codeclimate complaining about task names * Refactor FeedManager#phrase_filtered? This moves regexp building and filter caching to the `CustomFilter` class. This does not change the functional behavior yet, but this changes how the cache is built, doing per-custom_filter regexps so that filters can be matched independently, while still offering caching. * Perform server-side filtering and output result in REST API * Fix numerous filters_changed events being sent when editing multiple keywords at once * Add some tests * Use the new API in the WebUI - use client-side logic for filters we have fetched rules for. This is so that filter changes can be retroactively applied without reloading the UI. - use server-side logic for filters we haven't fetched rules for yet (e.g. network error, or initial timeline loading) * Minor optimizations and refactoring * Perform server-side filtering on the streaming server * Change the wording of filter action labels * Fix issues pointed out by linter * Change design of “Show anyway” link in accordence to review comments * Drop “irreversible” filtering behavior * Move /api/v2/filter_keywords to /api/v1/filters/keywords * Rename `filter_results` attribute to `filtered` * Rename REST::LegacyFilterSerializer to REST::V1::FilterSerializer * Fix systemChannelId value in streaming server * Simplify code by removing client-side filtering code The simplifcation comes at a cost though: filters aren't retroactively applied anymore.
2022-06-23Add /api/v1/admin/domain_allows (#18668)Claire
- `GET /api/v1/admin/domain_allows` lists allowed domains - `GET /api/v1/admin/domain_allows/:id` shows one by ID - `DELETE /api/v1/admin/domain_allows/:id` deletes a given domain from the list of allowed domains - `POST /api/v1/admin/domain_allows` to allow a new domain: if that domain is already allowed, the existing DomainAllow will be returned
2022-06-23use Notification::TYPES for api push subscription alerts (#18709)tateisu
2022-06-01Add /api/v1/admin/domain_blocks (#18247)Claire
* Add /api/v1/admin/domain_blocks Fixes #18140 - `GET /api/v1/admin/domain_blocks` lists domain blocks - `GET /api/v1/admin/domain_blocks/:id` shows one by ID - `DELETE /api/v1/admin/domain_blocks/:id` deletes a given domain block - `POST /api/v1/admin/domain_blocks` to create a new domain block: if it conflicts with an existing one, returns an error with an attribute `existing_domain_block` with the rendered domain block * Simplify conflict handling as suggested in review
2022-05-26Fix suspended users being able to access APIs that don't require a user (#18524)Eugen Rochko
2022-05-26Change unapproved and unconfirmed account to not be accessible in the REST ↵Claire
API (#17530) * Change unapproved and unconfirmed account to not be accessible in the REST API * Change Account#searchable? to reject unconfirmed and unapproved users * Disable search for unapproved and unconfirmed users in Account.search_for * Disable search for unapproved and unconfirmed users in Account.advanced_search_for * Remove unconfirmed and unapproved accounts from Account.searchable scope * Prevent mentions to unapproved/unconfirmed accounts * Fix some old tests for Account.advanced_search_for * Add some Account.advanced_search_for tests for existing behaviors * Add some tests for Account.search_for * Add Account.advanced_search_for tests unconfirmed and unapproved accounts * Add Account.searchable tests * Fix Account.without_unapproved scope potentially messing with previously-applied scopes * Allow lookup of unconfirmed/unapproved accounts through /api/v1/accounts/lookup This is so that the API can still be used to check whether an username is free to use.
2022-05-02Fix error when looking handle with surrounding spaces (#18225)Claire
2022-04-28Fix 500 error when a bookmark or favorite has been reported and deleted (#18174)Claire
2022-04-08Fix error resposes for `from` search prefix (#17963)0x2019
* Fix error responses in `from` search prefix (addresses mastodon/mastodon#17941) Using unsupported prefixes now reports a 422; searching for posts from an account the instance is not aware of reports a 404. TODO: The UI for this on the front end is abysmal. Searching `from:username@domain` now succeeds when `domain` is the local domain; searching `from:@username(@domain)?` now works as expected. * Remove unused methods on new Error classes as they are not being used Currently when `raise`d there are error messages being supplied, but this is not actually being used. The associated `raise`s have been edited accordingly. * Remove needless comments * Satisfy rubocop * Try fixing tests being unable to find AccountFindingConcern methods * Satisfy rubocop * Simplify `from` prefix logic This incorporates @ClearlyClaire's suggestion (see https://github.com/mastodon/mastodon/pull/17963#pullrequestreview-933986737). Accepctable account strings in `from:` clauses are more lenient than before this commit; for example, `from:@user@example.org@asnteo +cat` will not error, and return posts by @user@example.org containing the word "cat". This is more consistent with how Mastodon matches mentions in statuses. In addition, `from` clauses will not be checked for syntatically invalid usernames or domain names, simply 404ing when `Account.find_remote!` raises ActiveRecord::NotFound. New code for this PR that is no longer used has been removed.
2022-04-08Fix extremely rare race condition when deleting a toot or account (#17994)Claire
2022-04-07Fix pagination header on empty trends responses in REST API (#17986)Eugen Rochko
2022-04-06Fix admin API unconditionally requiring CSRF token (#17975)Claire
Fixes #17898 Since #17204, the admin API has only been available through the web application because of the unconditional requirement to provide a valid CSRF token. This commit changes it back to `null_session`, which should make it work both with session-based authentication (provided a CSRF token) and with a bearer token.
2022-04-06Fix `GET /api/v1/trends/tags` missing `offset` param in REST API (#17973)Eugen Rochko
2022-03-28Fix /api/v1/admin/accounts (#17887)Claire
* Fix /api/v1/admin/accounts Compatibility was broken since #17009 which changed the underlying filter class without changing the controller. This commits restore support for the old parameters. * Add /api/v2/admin/accounts with the new parameters * Add tests * Add missing filter for `silenced` status Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
2022-03-26Refactor formatter (#17828)Eugen Rochko
* Refactor formatter * Move custom emoji pre-rendering logic to view helpers * Move more methods out of Formatter * Fix code style issues * Remove Formatter * Add inline poll options to RSS feeds * Remove unused helper method * Fix code style issues * Various fixes and improvements * Fix test
2022-03-26Add offset pagination to trends in REST API (#17872)Eugen Rochko
2022-03-22Fix locale not being set in REST API (#17847)Eugen Rochko
2022-03-15Add `types` param to `GET /api/v1/notifications` in REST API (#17767)Eugen Rochko
* Add `types` param to `GET /api/v1/notifications` in REST API * Improve tests
2022-03-12Fix `POST /api/v1/emails/confirmations` not being available after sign-up ↵Eugen Rochko
(#17743)
2022-03-09Add rate limit for editing (#17728)Eugen Rochko
2022-03-08Fix performance of account timelines (#17709)Eugen Rochko
* Fix performance of account timelines * Various fixes and improvements * Fix duplicate results being returned Co-authored-by: Claire <claire.github-309c@sitedethib.com> * Fix grouping for pinned statuses scope Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-07Add `/api/v1/accounts/familiar_followers` to REST API (#17700)Eugen Rochko
* Add `/api/v1/accounts/familiar_followers` to REST API * Change hide network preference to be stored consistently for local and remote accounts * Add dummy classes to migration * Apply suggestions from code review Co-authored-by: Claire <claire.github-309c@sitedethib.com> Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-03-04Fix duplicate notifications being possible after poll expiration (#17697)Eugen Rochko
2022-03-03Allow editing media attachments for scheduled toots (#17690)Claire
Fixes #17676
2022-03-03Change `follow` scope to be covered by `read` and `write` scopes in REST API ↵Eugen Rochko
(#17678) Deprecate `follow` scope
2022-03-02Fix leak of existence of otherwise inaccessible statuses in REST API (#17684)Eugen Rochko
2022-03-02Fix report category not being saved in REST API (#17682)Eugen Rochko
2022-03-01Change authorized applications page (#17656)Eugen Rochko
* Change authorized applications page * Hide revoke button for superapps and suspended accounts * Clean up db/schema.rb
2022-02-25Add trending statuses (#17431)Eugen Rochko
* Add trending statuses * Fix dangling items with stale scores in localized sets * Various fixes and improvements - Change approve_all/reject_all to approve_accounts/reject_accounts - Change Trends::Query methods to not mutate the original query - Change Trends::Query#skip to offset - Change follow recommendations to be refreshed in a transaction * Add tests for trending statuses filtering behaviour * Fix not applying filtering scope in controller
2022-02-23Add notifications for new sign-ups (#16953)Eugen Rochko
2022-02-11Add notifications when a reblogged status has been updated (#17404)Eugen Rochko
* Add notifications when a reblogged status has been updated * Change wording to say "edit" instead of "update" and add missing controls * Replace previous update notifications with the most up-to-date one
2022-02-10Add editing for published statuses (#17320)Eugen Rochko
* Add editing for published statuses * Fix change of multiple-choice boolean in poll not resetting votes * Remove the ability to update existing media attachments for now
2022-02-10Add `category` and `rule_ids` params to `POST /api/v1/reports` (#17492)Eugen Rochko
2022-02-09Add edit history to web UI (#17390)Eugen Rochko
* Add edit history to web UI * Change history reducer to store items per status * Fix missing loading prop
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-23Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)Claire
* Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider
2022-01-19Add support for editing for published statuses (#16697)Eugen Rochko
* Add support for editing for published statuses * Fix references to stripped-out code * Various fixes and improvements * Further fixes and improvements * Fix updates being potentially sent to unauthorized recipients * Various fixes and improvements * Fix wrong words in test * Fix notifying accounts that were tagged but were not in the audience * Fix mistake
2022-01-17Add notifications for statuses deleted by moderators (#17204)Eugen Rochko
2022-01-17Add support for private pinned posts (#16954)Claire
* Add support for private pinned toots * Allow local user to pin private toots * Change wording to avoid "direct message"
2022-01-16Remove IP tracking columns from users table (#16409)Eugen Rochko
2021-11-26Remove Keybase integration (#17045)Eugen Rochko
2021-11-25Add trending links (#16917)Eugen Rochko
* Add trending links * Add overriding specific links trendability * Add link type to preview cards and only trend articles Change trends review notifications from being sent every 5 minutes to being sent every 2 hours Change threshold from 5 unique accounts to 15 unique accounts * Fix tests
2021-10-18Add remove from followers api (#16864)Takeshi Umeda
* Add followed_by? to account_interactions * Add RemoveFromFollowersService * Fix AccountBatch to use RemoveFromFollowersService * Add remove from followers API
2021-10-14Add graphs and retention metrics to admin dashboard (#16829)Eugen Rochko