Compare commits
12 Commits
73ecdcdc9f
...
5134e363f7
Author | SHA1 | Date |
---|---|---|
Christopher Harrington | 5134e363f7 | |
Mathilde | 574cdad7a8 | |
Christopher Harrington | 641b07167a | |
Christopher Harrington | 3897eaa15e | |
Christopher Harrington | e6f8a67f9f | |
Christopher Harrington | 7d7e61da4a | |
Christopher Harrington | 744f500a89 | |
Christopher Harrington | 86ba6925b8 | |
Christopher Harrington | 135b9f5fb3 | |
Christopher Harrington | 0c9c7b88e1 | |
Christopher Harrington | 9fbcfe7d51 | |
Christopher Harrington | 1c4948da08 |
|
@ -81,7 +81,7 @@ Hometown uses [semantic versioning](https://semver.org) and follows a versioning
|
|||
## Contributing to Hometown
|
||||
|
||||
Setting up your Hometown development environment is [exactly like setting up your Mastodon development environment](https://docs.joinmastodon.org/dev/overview/). Pull requests should be made to the `hometown-dev` branch, which is our default branch in Github.
|
||||
=======
|
||||
|
||||
You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
|
||||
|
||||
**IRC channel**: #mastodon on irc.libera.chat
|
||||
|
|
|
@ -153,9 +153,19 @@ class Api::BaseController < ApplicationController
|
|||
end
|
||||
|
||||
def disallow_unauthenticated_api_access?
|
||||
return false if current_user
|
||||
ENV['DISALLOW_UNAUTHENTICATED_API_ACCESS'] == 'true' || Rails.configuration.x.whitelist_mode
|
||||
end
|
||||
|
||||
def user_would_block_unauthenticated_api_access?(account)
|
||||
# alternately account.locked? would also be a good candidate for this
|
||||
disallow_unauthenticated_api_access? && account.user_prefers_noindex?
|
||||
end
|
||||
|
||||
def user_blocks_unauthenticated_api_access
|
||||
render json: { error: 'This user is only visible to authenticated users' }, status: 401
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def respond_with_error(code)
|
||||
|
|
|
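Review bot: `user_would_block_unauthenticated_api_access?` makes denial opt-in per account, since it is true only when `account.user_prefers_noindex?` is truthy. The other controllers in this compare now skip `require_authenticated_user!`, so every account that has not set noindex becomes readable anonymously even with `DISALLOW_UNAUTHENTICATED_API_ACCESS` or `whitelist_mode` enabled. Accounts without a local user presumably answer nil and land on the allowed side; that depends on how `user_prefers_noindex?` is delegated, which this page does not show. The added `return false if current_user` also turns `disallow_unauthenticated_api_access?` from a configuration check into a per-request one, which changes the answer for any other caller. I would state the contract above the method, e.g. `# Only accounts whose user opted out of indexing are hidden from anonymous callers; all others stay readable.`; the class body starts and ends outside the hunk.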
@ -3,10 +3,14 @@
|
|||
class Api::V1::Accounts::FeaturedTagsController < Api::BaseController
|
||||
before_action :set_account
|
||||
before_action :set_featured_tags
|
||||
skip_before_action :require_authenticated_user!, only: [:index]
|
||||
|
||||
respond_to :json
|
||||
|
||||
def index
|
||||
if user_would_block_unauthenticated_api_access?(@account)
|
||||
user_blocks_unauthenticated_api_access and return
|
||||
end
|
||||
render json: @featured_tags, each_serializer: REST::FeaturedTagSerializer
|
||||
end
|
||||
|
||||
|
@ -17,6 +21,9 @@ class Api::V1::Accounts::FeaturedTagsController < Api::BaseController
|
|||
end
|
||||
|
||||
def set_featured_tags
|
||||
@featured_tags = @account.suspended? ? [] : @account.featured_tags
|
||||
@featured_tags = if @account.suspended? || disallow_unauthenticated_api_access?
|
||||
[]
|
||||
else
|
||||
@account.featured_tags
|
||||
end
|
||||
end
|
||||
|
|
|
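Review bot: The guard in `index` is pasted inline as `user_blocks_unauthenticated_api_access and return`, and the same three lines recur in `LookupController#show`, `StatusesController#index` and `AccountsController#show`. Every action that skips `require_authenticated_user!` therefore relies on someone remembering to add the replacement check by hand. A callback keeps the skip and the check side by side, for example `before_action :user_blocks_unauthenticated_api_access, if: -> { user_would_block_unauthenticated_api_access?(@account) }` declared after `set_account`. If the inline form stays, `return user_blocks_unauthenticated_api_access if user_would_block_unauthenticated_api_access?(@account)` avoids depending on the return value of `render` through low-precedence `and`.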
@ -1,10 +1,14 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Api::V1::Accounts::LookupController < Api::BaseController
|
||||
skip_before_action :require_authenticated_user!, only: :show
|
||||
before_action -> { authorize_if_got_token! :read, :'read:accounts' }
|
||||
before_action :set_account
|
||||
|
||||
def show
|
||||
if user_would_block_unauthenticated_api_access?(@account)
|
||||
user_blocks_unauthenticated_api_access and return
|
||||
end
|
||||
render json: @account, serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
|
|
|
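Review bot: The 401 returned from `show` tells an anonymous caller that the looked-up account exists and has opted out, assuming a missing account takes a different path in `set_account`, which is not visible in this hunk. If the aim is to hide these accounts from unauthenticated callers, consider answering the same way as for an unknown account. If the distinct 401 is kept because the web client reacts to it, record that above the guard, e.g. `# 401 rather than 404 on purpose: the client stops paginating on it`.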
@ -3,11 +3,15 @@
|
|||
class Api::V1::Accounts::StatusesController < Api::BaseController
|
||||
before_action -> { authorize_if_got_token! :read, :'read:statuses' }
|
||||
before_action :set_account
|
||||
skip_before_action :require_authenticated_user!, only: [:index]
|
||||
|
||||
after_action :insert_pagination_headers, unless: -> { truthy_param?(:pinned) }
|
||||
|
||||
def index
|
||||
@statuses = load_statuses
|
||||
if user_would_block_unauthenticated_api_access?(@account)
|
||||
user_blocks_unauthenticated_api_access and return
|
||||
end
|
||||
render json: @statuses, each_serializer: REST::StatusSerializer, relationships: StatusRelationshipsPresenter.new(@statuses, current_user&.account_id)
|
||||
end
|
||||
|
||||
|
@ -18,7 +22,10 @@ class Api::V1::Accounts::StatusesController < Api::BaseController
|
|||
end
|
||||
|
||||
def load_statuses
|
||||
@account.suspended? ? [] : cached_account_statuses
|
||||
if @account.suspended? || disallow_unauthenticated_api_access?
|
||||
[]
|
||||
else
|
||||
cached_account_statuses
|
||||
end
|
||||
|
||||
def cached_account_statuses
|
||||
|
|
|
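Review bot: As rendered, `load_statuses` in the second hunk loses its closing `end`: the new side shows `if … [] else cached_account_statuses end` followed directly by `def cached_account_statuses`, and the header's 10 new lines match that count. The single `end` closes the `if`, so the method is never closed and the file should fail to parse; add a second `end` after the conditional, as the same change in `set_featured_tags` does. Separately, `load_statuses` now returns `[]` whenever `disallow_unauthenticated_api_access?` is true, so an anonymous caller gets 200 with an empty list for accounts without noindex, which is indistinguishable from an account with no posts. A comment such as `# anonymous callers on a locked-down instance always get an empty list` would make that intent explicit.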
@ -13,11 +13,14 @@ class Api::V1::AccountsController < Api::BaseController
|
|||
before_action :check_account_confirmation, except: [:create]
|
||||
before_action :check_enabled_registrations, only: [:create]
|
||||
|
||||
skip_before_action :require_authenticated_user!, only: :create
|
||||
skip_before_action :require_authenticated_user!, only: [:create, :show]
|
||||
|
||||
override_rate_limit_headers :follow, family: :follows
|
||||
|
||||
def show
|
||||
if user_would_block_unauthenticated_api_access?(@account)
|
||||
user_blocks_unauthenticated_api_access and return
|
||||
end
|
||||
render json: @account, serializer: REST::AccountSerializer
|
||||
end
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Api::V1::CustomEmojisController < Api::BaseController
|
||||
skip_before_action :set_cache_headers
|
||||
skip_before_action :require_authenticated_user!, only: :index
|
||||
|
||||
def index
|
||||
expires_in 3.minutes, public: true
|
||||
|
|
|
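Review bot: The added `skip_before_action :require_authenticated_user!, only: :index` carries no comment explaining why the emoji list is exempt from `DISALLOW_UNAUTHENTICATED_API_ACCESS` and `whitelist_mode`. Because `index` also sets `expires_in 3.minutes, public: true`, the response may be stored by shared caches and served without any token. A line such as `# Intentionally public: custom emoji are served without authentication even when the API is locked down` would record the decision for operators. The body of `index` continues outside the hunk.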
@ -190,6 +190,10 @@ export default function timelines(state = initialState, action) {
|
|||
case TIMELINE_EXPAND_REQUEST:
|
||||
return state.update(action.timeline, initialTimeline, map => map.set('isLoading', true));
|
||||
case TIMELINE_EXPAND_FAIL:
|
||||
if (action.error?.response?.status === 401) {
|
||||
// don't loop continuously on 401 unauthenticated response
|
||||
return state.update(action.timeline, initialTimeline, map => map.set('hasMore', false));
|
||||
}
|
||||
return state.update(action.timeline, initialTimeline, map => map.set('isLoading', false));
|
||||
case TIMELINE_EXPAND_SUCCESS:
|
||||
return expandNormalizedTimeline(state, action.timeline, fromJS(action.statuses), action.next, action.partial, action.isLoadingRecent, action.usePendingItems);
|
||||
|
|
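Review bot: The new 401 branch under `TIMELINE_EXPAND_FAIL` sets `hasMore` to false but returns before the existing line that clears `isLoading`, so the timeline stays in the loading state after a denied request. If that is not deliberate, set both in the branch: `map => map.set('isLoading', false).set('hasMore', false)`. If leaving `isLoading` true is meant to block further fetches, the comment should say so, since it currently describes only the loop. `action.error?.response?.status` also treats every 401 alike, including an expired session for a signed-in user, which may warrant different handling.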