From 9aecc0f48a046e0a05b8ca69511f8b72756fb431 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 8 Nov 2016 23:22:44 +0100
Subject: Move timelines API from statuses to its own controller, add a check
 for resources that require a user context vs those that don't (such as public
 timeline)

/api/v1/statuses/public   -> /api/v1/timelines/public
/api/v1/statuses/home     -> /api/v1/timelines/home
/api/v1/statuses/mentions -> /api/v1/timelines/mentions
/api/v1/statuses/tag/:tag -> /api/v1/timelines/tag/:tag
---
 app/controllers/api/v1/accounts_controller.rb  |  3 ++-
 app/controllers/api/v1/follows_controller.rb   |  2 ++
 app/controllers/api/v1/media_controller.rb     |  2 ++
 app/controllers/api/v1/statuses_controller.rb  | 35 ++----------------------
 app/controllers/api/v1/timelines_controller.rb | 37 ++++++++++++++++++++++++++
 app/controllers/api_controller.rb              | 18 +++++++++++--
 6 files changed, 61 insertions(+), 36 deletions(-)
 create mode 100644 app/controllers/api/v1/timelines_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb
index bb06ddac9..4140439a8 100644
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -1,8 +1,9 @@
 class Api::V1::AccountsController < ApiController
   before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock]
   before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock]
-
+  before_action :require_user!, except: [:show, :following, :followers, :statuses]
   before_action :set_account, except: [:verify_credentials, :suggestions]
+
   respond_to    :json
 
   def show
diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb
index 526316531..80a5aedf2 100644
--- a/app/controllers/api/v1/follows_controller.rb
+++ b/app/controllers/api/v1/follows_controller.rb
@@ -1,5 +1,7 @@
 class Api::V1::FollowsController < ApiController
   before_action -> { doorkeeper_authorize! :follow }
+  before_action :require_user!
+
   respond_to    :json
 
   def create
diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb
index dffc797fe..ab216f9c9 100644
--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -1,5 +1,7 @@
 class Api::V1::MediaController < ApiController
   before_action -> { doorkeeper_authorize! :write }
+  before_action :require_user!
+
   respond_to    :json
 
   def create
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 0a823e3e6..51a044a6c 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -1,8 +1,8 @@
 class Api::V1::StatusesController < ApiController
   before_action -> { doorkeeper_authorize! :read }, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
   before_action -> { doorkeeper_authorize! :write }, only:  [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite]
-
-  before_action :set_status, only: [:show, :context, :reblogged_by, :favourited_by]
+  before_action :require_user!, except: [:show, :context, :reblogged_by, :favourited_by]
+  before_action :set_status, only:      [:show, :context, :reblogged_by, :favourited_by]
 
   respond_to :json
 
@@ -56,37 +56,6 @@ class Api::V1::StatusesController < ApiController
     render action: :show
   end
 
-  def home
-    @statuses = Feed.new(:home, current_user.account).get(20, params[:max_id], params[:since_id]).to_a
-    set_maps(@statuses)
-    render action: :index
-  end
-
-  def mentions
-    @statuses = Feed.new(:mentions, current_user.account).get(20, params[:max_id], params[:since_id]).to_a
-    set_maps(@statuses)
-    render action: :index
-  end
-
-  def public
-    @statuses = Status.as_public_timeline(current_user.account).paginate_by_max_id(20, params[:max_id], params[:since_id]).to_a
-    set_maps(@statuses)
-    render action: :index
-  end
-
-  def tag
-    @tag = Tag.find_by(name: params[:id].downcase)
-
-    if @tag.nil?
-      @statuses = []
-    else
-      @statuses = Status.as_tag_timeline(@tag, current_user.account).paginate_by_max_id(20, params[:max_id], params[:since_id]).to_a
-      set_maps(@statuses)
-    end
-
-    render action: :index
-  end
-
   private
 
   def set_status
diff --git a/app/controllers/api/v1/timelines_controller.rb b/app/controllers/api/v1/timelines_controller.rb
new file mode 100644
index 000000000..e5176dd4b
--- /dev/null
+++ b/app/controllers/api/v1/timelines_controller.rb
@@ -0,0 +1,37 @@
+class Api::V1::TimelinesController < ApiController
+  before_action -> { doorkeeper_authorize! :read }
+  before_action :require_user!, only: [:home, :mentions]
+
+  respond_to :json
+
+  def home
+    @statuses = Feed.new(:home, current_account).get(20, params[:max_id], params[:since_id]).to_a
+    set_maps(@statuses)
+    render action: :index
+  end
+
+  def mentions
+    @statuses = Feed.new(:mentions, current_account).get(20, params[:max_id], params[:since_id]).to_a
+    set_maps(@statuses)
+    render action: :index
+  end
+
+  def public
+    @statuses = Status.as_public_timeline(current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]).to_a
+    set_maps(@statuses)
+    render action: :index
+  end
+
+  def tag
+    @tag = Tag.find_by(name: params[:id].downcase)
+
+    if @tag.nil?
+      @statuses = []
+    else
+      @statuses = Status.as_tag_timeline(@tag, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]).to_a
+      set_maps(@statuses)
+    end
+
+    render action: :index
+  end
+end
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 273aaff85..db4035a96 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -60,6 +60,14 @@ class ApiController < ApplicationController
 
   def current_user
     super || current_resource_owner
+  rescue ActiveRecord::RecordNotFound
+    nil
+  end
+
+  def require_user!
+    current_resource_owner
+  rescue ActiveRecord::RecordNotFound
+    render json: { error: 'This method requires an authenticated user' }, status: 422
   end
 
   def render_empty
@@ -67,8 +75,14 @@ class ApiController < ApplicationController
   end
 
   def set_maps(statuses)
+    if current_account.nil?
+      @reblogs_map    = {}
+      @favourites_map = {}
+      return
+    end
+
     status_ids      = statuses.flat_map { |s| [s.id, s.reblog_of_id] }.compact.uniq
-    @reblogs_map    = Status.reblogs_map(status_ids, current_user.account)
-    @favourites_map = Status.favourites_map(status_ids, current_user.account)
+    @reblogs_map    = Status.reblogs_map(status_ids, current_account)
+    @favourites_map = Status.favourites_map(status_ids, current_account)
   end
 end
-- 
cgit