From 73540ffe6b03cf27dd7738ebd157573488f376cf Mon Sep 17 00:00:00 2001
From: Matt Jankowski <mjankowski@thoughtbot.com>
Date: Wed, 7 Jun 2017 14:09:25 -0400
Subject: Clean up for api/base controller (#3629)

* Move ApiController to Api/BaseController

* API controllers inherit from Api::BaseController

* Add coverage for various error cases in api/base controller
---
 .../api/activitypub/activities_controller.rb       |  2 +-
 .../api/activitypub/notes_controller.rb            |  2 +-
 .../api/activitypub/outbox_controller.rb           |  2 +-
 app/controllers/api/base_controller.rb             | 93 ++++++++++++++++++++++
 app/controllers/api/oembed_controller.rb           |  2 +-
 app/controllers/api/push_controller.rb             |  2 +-
 app/controllers/api/salmon_controller.rb           |  2 +-
 app/controllers/api/subscriptions_controller.rb    |  2 +-
 .../api/v1/accounts/credentials_controller.rb      |  2 +-
 .../v1/accounts/follower_accounts_controller.rb    |  2 +-
 .../v1/accounts/following_accounts_controller.rb   |  2 +-
 .../api/v1/accounts/relationships_controller.rb    |  2 +-
 .../api/v1/accounts/search_controller.rb           |  2 +-
 .../api/v1/accounts/statuses_controller.rb         |  2 +-
 app/controllers/api/v1/accounts_controller.rb      |  2 +-
 app/controllers/api/v1/apps_controller.rb          |  2 +-
 app/controllers/api/v1/blocks_controller.rb        |  2 +-
 app/controllers/api/v1/domain_blocks_controller.rb |  2 +-
 app/controllers/api/v1/favourites_controller.rb    |  2 +-
 .../api/v1/follow_requests_controller.rb           |  2 +-
 app/controllers/api/v1/follows_controller.rb       |  2 +-
 app/controllers/api/v1/instances_controller.rb     |  2 +-
 app/controllers/api/v1/media_controller.rb         |  2 +-
 app/controllers/api/v1/mutes_controller.rb         |  2 +-
 app/controllers/api/v1/notifications_controller.rb |  2 +-
 app/controllers/api/v1/reports_controller.rb       |  2 +-
 app/controllers/api/v1/search_controller.rb        |  2 +-
 app/controllers/api/v1/statuses_controller.rb      |  2 +-
 app/controllers/api/v1/streaming_controller.rb     |  2 +-
 .../api/v1/timelines/home_controller.rb            |  2 +-
 .../api/v1/timelines/public_controller.rb          |  2 +-
 app/controllers/api/v1/timelines/tag_controller.rb |  2 +-
 app/controllers/api/web/settings_controller.rb     |  2 +-
 33 files changed, 125 insertions(+), 32 deletions(-)
 create mode 100644 app/controllers/api/base_controller.rb

(limited to 'app/controllers/api')

diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb
index 025ab960e..740c8589a 100644
--- a/app/controllers/api/activitypub/activities_controller.rb
+++ b/app/controllers/api/activitypub/activities_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::Activitypub::ActivitiesController < ApiController
+class Api::Activitypub::ActivitiesController < Api::BaseController
   include Authorization
 
   # before_action :set_follow, only: [:show_follow]
diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb
index ff9383413..783c1c4ed 100644
--- a/app/controllers/api/activitypub/notes_controller.rb
+++ b/app/controllers/api/activitypub/notes_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::Activitypub::NotesController < ApiController
+class Api::Activitypub::NotesController < Api::BaseController
   include Authorization
 
   before_action :set_status
diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb
index 7b6cbdd38..0738d7dee 100644
--- a/app/controllers/api/activitypub/outbox_controller.rb
+++ b/app/controllers/api/activitypub/outbox_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::Activitypub::OutboxController < ApiController
+class Api::Activitypub::OutboxController < Api::BaseController
   before_action :set_account
 
   respond_to :activitystreams2
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
new file mode 100644
index 000000000..c1b2ec3cf
--- /dev/null
+++ b/app/controllers/api/base_controller.rb
@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+class Api::BaseController < ApplicationController
+  DEFAULT_STATUSES_LIMIT = 20
+  DEFAULT_ACCOUNTS_LIMIT = 40
+
+  include RateLimitHeaders
+
+  skip_before_action :verify_authenticity_token
+  skip_before_action :store_current_location
+
+  rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e|
+    render json: { error: e.to_s }, status: 422
+  end
+
+  rescue_from ActiveRecord::RecordNotFound do
+    render json: { error: 'Record not found' }, status: 404
+  end
+
+  rescue_from Goldfinger::Error do
+    render json: { error: 'Remote account could not be resolved' }, status: 422
+  end
+
+  rescue_from HTTP::Error do
+    render json: { error: 'Remote data could not be fetched' }, status: 503
+  end
+
+  rescue_from OpenSSL::SSL::SSLError do
+    render json: { error: 'Remote SSL certificate could not be verified' }, status: 503
+  end
+
+  rescue_from Mastodon::NotPermittedError do
+    render json: { error: 'This action is not allowed' }, status: 403
+  end
+
+  def doorkeeper_unauthorized_render_options(error: nil)
+    { json: { error: (error.try(:description) || 'Not authorized') } }
+  end
+
+  def doorkeeper_forbidden_render_options(*)
+    { json: { error: 'This action is outside the authorized scopes' } }
+  end
+
+  protected
+
+  def set_pagination_headers(next_path = nil, prev_path = nil)
+    links = []
+    links << [next_path, [%w(rel next)]] if next_path
+    links << [prev_path, [%w(rel prev)]] if prev_path
+    response.headers['Link'] = LinkHeader.new(links)
+  end
+
+  def limit_param(default_limit)
+    return default_limit unless params[:limit]
+    [params[:limit].to_i.abs, default_limit * 2].min
+  end
+
+  def current_resource_owner
+    @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
+  end
+
+  def current_user
+    current_resource_owner || super
+  rescue ActiveRecord::RecordNotFound
+    nil
+  end
+
+  def require_user!
+    current_resource_owner
+    set_user_activity
+  rescue ActiveRecord::RecordNotFound
+    render json: { error: 'This method requires an authenticated user' }, status: 422
+  end
+
+  def render_empty
+    render json: {}, status: 200
+  end
+
+  def set_maps(statuses) # rubocop:disable Style/AccessorMethodName
+    if current_account.nil?
+      @reblogs_map    = {}
+      @favourites_map = {}
+      @mutes_map      = {}
+      return
+    end
+
+    status_ids       = statuses.compact.flat_map { |s| [s.id, s.reblog_of_id] }.uniq
+    conversation_ids = statuses.compact.map(&:conversation_id).compact.uniq
+    @reblogs_map     = Status.reblogs_map(status_ids, current_account)
+    @favourites_map  = Status.favourites_map(status_ids, current_account)
+    @mutes_map       = Status.mutes_map(conversation_ids, current_account)
+  end
+end
diff --git a/app/controllers/api/oembed_controller.rb b/app/controllers/api/oembed_controller.rb
index 576188353..6e3e34d96 100644
--- a/app/controllers/api/oembed_controller.rb
+++ b/app/controllers/api/oembed_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::OEmbedController < ApiController
+class Api::OEmbedController < Api::BaseController
   respond_to :json
 
   def show
diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb
index 75a1f757b..951867140 100644
--- a/app/controllers/api/push_controller.rb
+++ b/app/controllers/api/push_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::PushController < ApiController
+class Api::PushController < Api::BaseController
   def update
     response, status = process_push_request
     render plain: response, status: status
diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb
index f611b48a0..e9e700b18 100644
--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::SalmonController < ApiController
+class Api::SalmonController < Api::BaseController
   before_action :set_account
   respond_to :txt
 
diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb
index dd2f42aab..d3ea98676 100644
--- a/app/controllers/api/subscriptions_controller.rb
+++ b/app/controllers/api/subscriptions_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::SubscriptionsController < ApiController
+class Api::SubscriptionsController < Api::BaseController
   before_action :set_account
   respond_to :txt
 
diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb
index 8f2ded29e..1cf52ff10 100644
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::CredentialsController < ApiController
+class Api::V1::Accounts::CredentialsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write }, only: [:update]
   before_action :require_user!
 
diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
index 3e9da29e3..81aae56d3 100644
--- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::FollowerAccountsController < ApiController
+class Api::V1::Accounts::FollowerAccountsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :set_account
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb
index 732961aac..63c6d54b2 100644
--- a/app/controllers/api/v1/accounts/following_accounts_controller.rb
+++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::FollowingAccountsController < ApiController
+class Api::V1::Accounts::FollowingAccountsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :set_account
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb
index d1a4f178b..cb923ab91 100644
--- a/app/controllers/api/v1/accounts/relationships_controller.rb
+++ b/app/controllers/api/v1/accounts/relationships_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::RelationshipsController < ApiController
+class Api::V1::Accounts::RelationshipsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :require_user!
 
diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb
index 6d4c6e4cf..c4a8f97f2 100644
--- a/app/controllers/api/v1/accounts/search_controller.rb
+++ b/app/controllers/api/v1/accounts/search_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::SearchController < ApiController
+class Api::V1::Accounts::SearchController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :require_user!
 
diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb
index 1e0d2a740..504ed8c07 100644
--- a/app/controllers/api/v1/accounts/statuses_controller.rb
+++ b/app/controllers/api/v1/accounts/statuses_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Accounts::StatusesController < ApiController
+class Api::V1::Accounts::StatusesController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :set_account
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index 3b23e996d..8fc0dd36f 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::AccountsController < ApiController
+class Api::V1::AccountsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
   before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute]
   before_action :require_user!, except: [:show]
diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb
index 54f8d40b2..98e908948 100644
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::AppsController < ApiController
+class Api::V1::AppsController < Api::BaseController
   respond_to :json
 
   def create
diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb
index d15cb439c..1702953cf 100644
--- a/app/controllers/api/v1/blocks_controller.rb
+++ b/app/controllers/api/v1/blocks_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::BlocksController < ApiController
+class Api::V1::BlocksController < Api::BaseController
   before_action -> { doorkeeper_authorize! :follow }
   before_action :require_user!
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/domain_blocks_controller.rb b/app/controllers/api/v1/domain_blocks_controller.rb
index 772c04687..e93dc603b 100644
--- a/app/controllers/api/v1/domain_blocks_controller.rb
+++ b/app/controllers/api/v1/domain_blocks_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::DomainBlocksController < ApiController
+class Api::V1::DomainBlocksController < Api::BaseController
   BLOCK_LIMIT = 100
 
   before_action -> { doorkeeper_authorize! :follow }
diff --git a/app/controllers/api/v1/favourites_controller.rb b/app/controllers/api/v1/favourites_controller.rb
index a74db92af..fe0819a3f 100644
--- a/app/controllers/api/v1/favourites_controller.rb
+++ b/app/controllers/api/v1/favourites_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::FavouritesController < ApiController
+class Api::V1::FavouritesController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :require_user!
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb
index 8a8d40d77..eed22ef4f 100644
--- a/app/controllers/api/v1/follow_requests_controller.rb
+++ b/app/controllers/api/v1/follow_requests_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::FollowRequestsController < ApiController
+class Api::V1::FollowRequestsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :follow }
   before_action :require_user!
   after_action :insert_pagination_headers, only: :index
diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb
index 67d823398..bcdb4e177 100644
--- a/app/controllers/api/v1/follows_controller.rb
+++ b/app/controllers/api/v1/follows_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::FollowsController < ApiController
+class Api::V1::FollowsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :follow }
   before_action :require_user!
 
diff --git a/app/controllers/api/v1/instances_controller.rb b/app/controllers/api/v1/instances_controller.rb
index 51d92838a..ce2181879 100644
--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::InstancesController < ApiController
+class Api::V1::InstancesController < Api::BaseController
   respond_to :json
 
   def show; end
diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index 3d7dcef42..25a331319 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::MediaController < ApiController
+class Api::V1::MediaController < Api::BaseController
   before_action -> { doorkeeper_authorize! :write }
   before_action :require_user!
 
diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb
index b9ac74176..2a353df03 100644
--- a/app/controllers/api/v1/mutes_controller.rb
+++ b/app/controllers/api/v1/mutes_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::MutesController < ApiController
+class Api::V1::MutesController < Api::BaseController
   before_action -> { doorkeeper_authorize! :follow }
   before_action :require_user!
   after_action :insert_pagination_headers
diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb
index 1cd4ca40a..20b28776d 100644
--- a/app/controllers/api/v1/notifications_controller.rb
+++ b/app/controllers/api/v1/notifications_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::NotificationsController < ApiController
+class Api::V1::NotificationsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }
   before_action :require_user!
   after_action :insert_pagination_headers, only: :index
diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb
index e0f9ed232..71df76e92 100644
--- a/app/controllers/api/v1/reports_controller.rb
+++ b/app/controllers/api/v1/reports_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::ReportsController < ApiController
+class Api::V1::ReportsController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }, except: [:create]
   before_action -> { doorkeeper_authorize! :write }, only:  [:create]
   before_action :require_user!
diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index 1ee2589a0..8b832148c 100644
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::SearchController < ApiController
+class Api::V1::SearchController < Api::BaseController
   RESULTS_LIMIT = 5
 
   respond_to :json
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 7386d7158..53fb1619e 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::StatusesController < ApiController
+class Api::V1::StatusesController < Api::BaseController
   include Authorization
 
   before_action :authorize_if_got_token, except:            [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute]
diff --git a/app/controllers/api/v1/streaming_controller.rb b/app/controllers/api/v1/streaming_controller.rb
index 377951472..66b812e76 100644
--- a/app/controllers/api/v1/streaming_controller.rb
+++ b/app/controllers/api/v1/streaming_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::StreamingController < ApiController
+class Api::V1::StreamingController < Api::BaseController
   respond_to :json
 
   def index
diff --git a/app/controllers/api/v1/timelines/home_controller.rb b/app/controllers/api/v1/timelines/home_controller.rb
index 29e570fa5..511d2f65d 100644
--- a/app/controllers/api/v1/timelines/home_controller.rb
+++ b/app/controllers/api/v1/timelines/home_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Timelines::HomeController < ApiController
+class Api::V1::Timelines::HomeController < Api::BaseController
   before_action -> { doorkeeper_authorize! :read }, only: [:show]
   before_action :require_user!, only: [:show]
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb
index cd3663d5f..305451cc7 100644
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Timelines::PublicController < ApiController
+class Api::V1::Timelines::PublicController < Api::BaseController
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
   respond_to :json
diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb
index 0481f5deb..50afca7c7 100644
--- a/app/controllers/api/v1/timelines/tag_controller.rb
+++ b/app/controllers/api/v1/timelines/tag_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::V1::Timelines::TagController < ApiController
+class Api::V1::Timelines::TagController < Api::BaseController
   before_action :load_tag
   after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
 
diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb
index 7cceb0dfc..f6739d506 100644
--- a/app/controllers/api/web/settings_controller.rb
+++ b/app/controllers/api/web/settings_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class Api::Web::SettingsController < ApiController
+class Api::Web::SettingsController < Api::BaseController
   respond_to :json
 
   before_action :require_user!
-- 
cgit