From 958e085acb88d8bdcac4834a290238bc8527e678 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sat, 22 Sep 2018 02:14:25 +0000
Subject: [PATCH] mastodon api: add support for user-supplied html policy
---
 .../mastodon_api/mastodon_api_controller.ex | 20 +++++++++----------
 .../web/mastodon_api/views/account_view.ex | 6 ++++--
 .../web/mastodon_api/views/status_view.ex | 14 +++++++------
 3 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 3d292182d..47ae61b5b 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -98,7 +98,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 CommonAPI.update(user)
 end
- json(conn, AccountView.render("account.json", %{user: user}))
+ json(conn, AccountView.render("account.json", %{user: user, for: user}))
 else
 _e ->
 conn
@@ -108,13 +108,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 end
 def verify_credentials(%{assigns: %{user: user}} = conn, _) do
- account = AccountView.render("account.json", %{user: user})
+ account = AccountView.render("account.json", %{user: user, for: user})
 json(conn, account)
 end
- def user(conn, %{"id" => id}) do
+ def user(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do
 with %User{} = user <- Repo.get(User, id) do
- account = AccountView.render("account.json", %{user: user})
+ account = AccountView.render("account.json", %{user: user, for: for_user})
 json(conn, account)
 else
 _e ->
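Review bot: The new head of `user/2` in the `@@ -108,13 +108,13` hunk matches only when `conn.assigns` already contains a `:user` key, so a request that reaches this action without that assign would raise a `FunctionClauseError` instead of rendering the account. Whether the pipeline always assigns `:user` (possibly as `nil`) for unauthenticated requests is not visible in this diff; if it does not, keep the `def user(conn, %{"id" => id}) do` head and read the viewer in the body with `for_user = conn.assigns[:user]`. If anonymous requests do arrive with `user: nil`, then `for: nil` is passed on to the view, and the policy lookup there has to return the default scrubbing policy for `nil`. The body of `user/2` continues past the end of the hunk.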
@@ -588,7 +588,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 with %User{} = followed <- Repo.get_by(User, nickname: uri),
 {:ok, follower} <- User.maybe_direct_follow(follower, followed),
 {:ok, _activity} <- ActivityPub.follow(follower, followed) do
- render(conn, AccountView, "account.json", %{user: followed})
+ render(conn, AccountView, "account.json", %{user: followed, for: follower})
 else
 {:error, message} ->
 conn
@@ -858,7 +858,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 if user && token do
 mastodon_emoji = mastodonized_emoji()
- accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user}))
+ accounts = Map.put(%{}, user.id, AccountView.render("account.json", %{user: user, for: user}))
 initial_state = %{
@@ -1038,7 +1038,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 id: id,
 type: "mention",
 created_at: created_at,
- account: AccountView.render("account.json", %{user: actor}),
+ account: AccountView.render("account.json", %{user: actor, for: user}),
 status: StatusView.render("status.json", %{activity: activity, for: user})
 }
@@ -1049,7 +1049,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 id: id,
 type: "favourite",
 created_at: created_at,
- account: AccountView.render("account.json", %{user: actor}),
+ account: AccountView.render("account.json", %{user: actor, for: user}),
 status: StatusView.render("status.json", %{activity: liked_activity, for: user})
 }
@@ -1060,7 +1060,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 id: id,
 type: "reblog",
 created_at: created_at,
- account: AccountView.render("account.json", %{user: actor}),
+ account: AccountView.render("account.json", %{user: actor, for: user}),
 status: StatusView.render("status.json", %{activity: announced_activity, for: user})
 }
@@ -1069,7 +1069,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 id: id,
 type: "follow",
 created_at: created_at,
- account: AccountView.render("account.json", %{user: actor})
+ account: AccountView.render("account.json", %{user: actor, for: user})
 }
 _ ->
diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex
index 3c8f93486..96795c420 100644
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@@ -10,7 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
 render_many(users, AccountView, "account.json", opts)
 end
- def render("account.json", %{user: user}) do
+ def render("account.json", %{user: user} = opts) do
 image = User.avatar_url(user) |> MediaProxy.url()
 header = User.banner_url(user) |> MediaProxy.url()
 user_info = User.user_info(user)
@@ -33,6 +33,8 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
 |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
 |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)
+ bio = HTML.filter_tags(user.bio, User.html_filter_policy(opts[:for]))
+
 %{
 id: to_string(user.id),
 username: username_from_nickname(user.nickname),
@@ -43,7 +45,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
 followers_count: user_info.follower_count,
 following_count: user_info.following_count,
 statuses_count: user_info.note_count,
- note: HTML.filter_tags(user.bio) || "",
+ note: bio || "",
 url: user.ap_id,
 avatar: image,
 avatar_static: image,
diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex
index ffc105196..ef46ba4fc 100644
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
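Review bot: In the `@@ -33,6 +33,8` hunk of account_view.ex, `opts[:for]` is `nil` for any caller that renders "account.json" without a `for:` key and for anonymous viewers, so the bio is then sanitised with whatever `User.html_filter_policy(nil)` returns. That function is not part of this diff; it should fall back to the instance's default scrubber for `nil`, never to a pass-through policy. The same lookup appears in the `@@ -122,6 +122,10` hunk of status_view.ex. A comment above the new line would record the contract, e.g. `# opts[:for] is the viewing user (nil when anonymous); the policy lookup must return a safe default for nil`. The `bio || ""` fallback in the `@@ -43,7 +45,7` hunk also presumes that `HTML.filter_tags/2` still returns `nil` for a `nil` bio rather than raising, which is worth confirming.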
@@ -122,6 +122,10 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 %{shortcode: name, url: url, static_url: url, visible_in_picker: false}
 end)
+ content =
+ render_content(object)
+ |> HTML.filter_tags(User.html_filter_policy(opts[:for]))
+
 %{
 id: to_string(activity.id),
 uri: object["id"],
@@ -130,7 +134,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 in_reply_to_id: reply_to && to_string(reply_to.id),
 in_reply_to_account_id: reply_to_user && to_string(reply_to_user.id),
 reblog: nil,
- content: render_content(object),
+ content: content,
 created_at: created_at,
 reblogs_count: announcement_count,
 replies_count: 0,
@@ -224,7 +228,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 object["content"]
 end
- HTML.filter_tags(content)
+ content
 end
 def render_content(%{"type" => "Article"} = object) do
@@ -237,10 +241,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
 object["content"]
 end
- HTML.filter_tags(content)
+ content
 end
- def render_content(object) do
- HTML.filter_tags(object["content"])
- end
+ def render_content(object), do: object["content"]
 end
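Review bot: After the `@@ -224,7 +228,7` and `@@ -237,10 +241,8` hunks, every clause of `render_content/1` returns the object's HTML unfiltered, and the only sanitisation left on this path is the `HTML.filter_tags/2` call added in the `@@ -122,6 +122,10` hunk. `render_content/1` is still a public `def`, so any other caller (none is visible in this diff) would now receive raw remote markup where it previously received scrubbed output. If nothing outside the module uses it, make the helper private with `defp`; otherwise document the new contract, e.g. `@doc "Returns the object's content unsanitised; callers must pass it through HTML.filter_tags/2 before output."`. The first two clauses and the "status.json" render function begin outside their hunks.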