Home Explore Help
Register Sign In
bida
/
bastodon
7
0
Fork 0
Files Issues 9 Pull Requests 0 Wiki
Tree: 42ab855b23
Branches Tags
bastodon
/
app
/
controllers
/
statuses_controller.rb

statuses_controller.rb 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. class StatusesController < ApplicationController
    4. 

  4.   include WebAppControllerConcern
    5. 

  5.   include SignatureAuthentication
    6. 

  6.   include Authorization
    7. 

  7.   include AccountOwnedConcern
    8. 

  8. 

  9.   vary_by -> { public_fetch_mode? ? 'Accept, Accept-Language, Cookie' : 'Accept, Accept-Language, Cookie, Signature' }
    10. 

  10. 

  11.   before_action :require_account_signature!, only: [:show, :activity], if: -> { request.format == :json && authorized_fetch_mode? }
    12. 

  12.   before_action :set_status
    13. 

  13.   before_action :redirect_to_original, only: :show
    14. 

  14.   before_action :set_body_classes, only: :embed
    15. 

  15. 

  16.   after_action :set_link_headers
    17. 

  17. 

  18.   skip_around_action :set_locale, if: -> { request.format == :json }
    19. 

  19.   skip_before_action :require_functional!, only: [:show, :embed], unless: :limited_federation_mode?
    20. 

  20. 

  21.   content_security_policy only: :embed do |policy|
    22. 

  22.     policy.frame_ancestors(false)
    23. 

  23.   end
    24. 

  24. 

  25.   def show
    26. 

  26.     respond_to do |format|
    27. 

  27.       format.html do
    28. 

  28.         expires_in 10.seconds, public: true if current_account.nil?
    29. 

  29.       end
    30. 

  30. 

  31.       format.json do
    32. 

  32.         expires_in 3.minutes, public: true if @status.distributable? && public_fetch_mode?
    33. 

  33.         render_with_cache json: @status, content_type: 'application/activity+json', serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
    34. 

  34.       end
    35. 

  35.     end
    36. 

  36.   end
    37. 

  37. 

  38.   def activity
    39. 

  39.     expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
    40. 

  40.     render_with_cache json: ActivityPub::ActivityPresenter.from_status(@status), content_type: 'application/activity+json', serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter
    41. 

  41.   end
    42. 

  42. 

  43.   def embed
    44. 

  44.     return not_found if @status.hidden? || @status.reblog?
    45. 

  45. 

  46.     expires_in 180, public: true
    47. 

  47.     response.headers.delete('X-Frame-Options')
    48. 

  48. 

  49.     render layout: 'embedded'
    50. 

  50.   end
    51. 

  51. 

  52.   private
    53. 

  53. 

  54.   def set_body_classes
    55. 

  55.     @body_classes = 'with-modals'
    56. 

  56.   end
    57. 

  57. 

  58.   def set_link_headers
    59. 

  59.     response.headers['Link'] = LinkHeader.new([[ActivityPub::TagManager.instance.uri_for(@status), [%w(rel alternate), %w(type application/activity+json)]]])
    60. 

  60.   end
    61. 

  61. 

  62.   def set_status
    63. 

  63.     @status = @account.statuses.find(params[:id])
    64. 

  64.     authorize @status, :show?
    65. 

  65.   rescue Mastodon::NotPermittedError
    66. 

  66.     not_found
    67. 

  67.   end
    68. 

  68. 

  69.   def redirect_to_original
    70. 

  70.     redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog?
    71. 

  71.   end
    72. 

  72. end
    73.