app/controllers/authorize_interactions_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

# frozen_string_literal: true

class AuthorizeInteractionsController < ApplicationController
  include Authorization

  layout 'modal'

  before_action :authenticate_user!
  before_action :set_body_classes
  before_action :set_resource

  def show
    if @resource.is_a?(Account)
      render :show
    elsif @resource.is_a?(Status)
      redirect_to web_url("statuses/#{@resource.id}")
    else
      render :error
    end
  end

  def create
    if @resource.is_a?(Account) && FollowService.new.call(current_account, @resource)
      render :success
    else
      render :error
    end
  rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
    render :error
  end

  private

  def set_resource
    @resource = located_resource || render(:error)
    authorize(@resource, :show?) if @resource.is_a?(Status)
  end

  def located_resource
    if uri_param_is_url?
      ResolveURLService.new.call(uri_param)
    else
      account_from_remote_follow
    end
  end

  def account_from_remote_follow
    ResolveAccountService.new.call(uri_param)
  end

  def uri_param_is_url?
    parsed_uri.path && %w(http https).include?(parsed_uri.scheme)
  end

  def parsed_uri
    Addressable::URI.parse(uri_param).normalize
  end

  def uri_param
    params[:uri] || params.fetch(:acct, '').gsub(/\Aacct:/, '')
  end

  def set_body_classes
    @body_classes = 'modal-layout'
  end
end