router.ex 23 KB
Newer Older
1
# Pleroma: A lightweight social networking server
kaniini's avatar
kaniini committed
2
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 4
# SPDX-License-Identifier: AGPL-3.0-only

lain's avatar
lain committed
5 6 7 8
defmodule Pleroma.Web.Router do
  use Pleroma.Web, :router

  pipeline :api do
lain's avatar
lain committed
9 10 11
    plug(:accepts, ["json"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
lain's avatar
lain committed
12 13 14
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
15
    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
lain's avatar
lain committed
16
    plug(Pleroma.Plugs.AuthenticationPlug)
lain's avatar
lain committed
17 18
    plug(Pleroma.Plugs.UserEnabledPlug)
    plug(Pleroma.Plugs.SetUserSessionIdPlug)
lain's avatar
lain committed
19
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
lain's avatar
lain committed
20 21
  end

22
  pipeline :authenticated_api do
lain's avatar
lain committed
23 24 25
    plug(:accepts, ["json"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
lain's avatar
lain committed
26 27 28
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
29
    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
lain's avatar
lain committed
30
    plug(Pleroma.Plugs.AuthenticationPlug)
lain's avatar
lain committed
31 32
    plug(Pleroma.Plugs.UserEnabledPlug)
    plug(Pleroma.Plugs.SetUserSessionIdPlug)
lain's avatar
lain committed
33
    plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
lain's avatar
lain committed
34 35
  end

36 37 38 39 40 41 42 43 44
  pipeline :admin_api do
    plug(:accepts, ["json"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
    plug(Pleroma.Plugs.AuthenticationPlug)
45
    plug(Pleroma.Plugs.AdminSecretAuthenticationPlug)
46 47 48 49 50 51
    plug(Pleroma.Plugs.UserEnabledPlug)
    plug(Pleroma.Plugs.SetUserSessionIdPlug)
    plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
    plug(Pleroma.Plugs.UserIsAdminPlug)
  end

lain's avatar
lain committed
52
  pipeline :mastodon_html do
lain's avatar
lain committed
53 54 55
    plug(:accepts, ["html"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
lain's avatar
lain committed
56 57 58
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
59
    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
lain's avatar
lain committed
60
    plug(Pleroma.Plugs.AuthenticationPlug)
lain's avatar
lain committed
61 62
    plug(Pleroma.Plugs.UserEnabledPlug)
    plug(Pleroma.Plugs.SetUserSessionIdPlug)
lain's avatar
lain committed
63
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
lain's avatar
lain committed
64 65
  end

66
  pipeline :pleroma_html do
lain's avatar
lain committed
67 68 69
    plug(:accepts, ["html"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
lain's avatar
lain committed
70 71 72 73 74
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
    plug(Pleroma.Plugs.AuthenticationPlug)
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
75 76
  end

77 78 79 80 81 82 83
  pipeline :oauth_read_or_unauthenticated do
    plug(Pleroma.Plugs.OAuthScopesPlug, %{
      scopes: ["read"],
      fallback: :proceed_unauthenticated
    })
  end

84
  pipeline :oauth_read do
85
    plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]})
86 87 88
  end

  pipeline :oauth_write do
89
    plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["write"]})
90 91 92
  end

  pipeline :oauth_follow do
93
    plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["follow"]})
94 95
  end

96 97 98 99
  pipeline :oauth_push do
    plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
  end

lain's avatar
lain committed
100
  pipeline :well_known do
lain's avatar
lain committed
101
    plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
lain's avatar
lain committed
102 103
  end

lain's avatar
lain committed
104
  pipeline :config do
lain's avatar
lain committed
105
    plug(:accepts, ["json", "xml"])
lain's avatar
lain committed
106 107
  end

108
  pipeline :oauth do
lain's avatar
lain committed
109
    plug(:accepts, ["html", "json"])
110 111
  end

eal's avatar
eal committed
112
  pipeline :pleroma_api do
lain's avatar
lain committed
113
    plug(:accepts, ["html", "json"])
Roger Braun's avatar
Roger Braun committed
114 115
  end

116 117 118 119 120 121 122 123 124
  pipeline :mailbox_preview do
    plug(:accepts, ["html"])

    plug(:put_secure_browser_headers, %{
      "content-security-policy" =>
        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'"
    })
  end

Roger Braun's avatar
Roger Braun committed
125
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
lain's avatar
lain committed
126
    pipe_through(:pleroma_api)
127

lain's avatar
lain committed
128 129 130
    get("/password_reset/:token", UtilController, :show_password_reset)
    post("/password_reset", UtilController, :password_reset)
    get("/emoji", UtilController, :emoji)
131
    get("/captcha", UtilController, :captcha)
Roger Braun's avatar
Roger Braun committed
132 133
  end

href's avatar
href committed
134 135 136 137 138
  scope "/api/pleroma", Pleroma.Web do
    pipe_through(:pleroma_api)
    post("/uploader_callback/:upload_path", UploaderController, :callback)
  end

139
  scope "/api/pleroma/admin", Pleroma.Web.AdminAPI do
140 141
    pipe_through([:admin_api, :oauth_write])

142 143
    delete("/user", AdminAPIController, :user_delete)
    post("/user", AdminAPIController, :user_create)
144
    put("/users/tag", AdminAPIController, :tag_users)
145
    delete("/users/tag", AdminAPIController, :untag_users)
146

147 148 149 150
    get("/permission_group/:nickname", AdminAPIController, :right_get)
    get("/permission_group/:nickname/:permission_group", AdminAPIController, :right_get)
    post("/permission_group/:nickname/:permission_group", AdminAPIController, :right_add)
    delete("/permission_group/:nickname/:permission_group", AdminAPIController, :right_delete)
151

152 153
    put("/activation_status/:nickname", AdminAPIController, :set_activation_status)

154 155 156 157
    post("/relay", AdminAPIController, :relay_follow)
    delete("/relay", AdminAPIController, :relay_unfollow)

    get("/invite_token", AdminAPIController, :get_invite_token)
158 159
    post("/email_invite", AdminAPIController, :email_invite)

160 161 162
    get("/password_reset", AdminAPIController, :get_password_reset)
  end

163
  scope "/", Pleroma.Web.TwitterAPI do
lain's avatar
lain committed
164
    pipe_through(:pleroma_html)
165

lain's avatar
lain committed
166
    post("/main/ostatus", UtilController, :remote_subscribe)
167 168 169 170 171 172
    get("/ostatus_subscribe", UtilController, :remote_follow)

    scope [] do
      pipe_through(:oauth_follow)
      post("/ostatus_subscribe", UtilController, :do_remote_follow)
    end
173 174
  end

eal's avatar
eal committed
175
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
lain's avatar
lain committed
176
    pipe_through(:authenticated_api)
177 178 179 180 181 182 183 184 185 186 187 188 189 190

    scope [] do
      pipe_through(:oauth_write)

      post("/change_password", UtilController, :change_password)
      post("/delete_account", UtilController, :delete_account)
    end

    scope [] do
      pipe_through(:oauth_follow)

      post("/blocks_import", UtilController, :blocks_import)
      post("/follow_import", UtilController, :follow_import)
    end
eal's avatar
eal committed
191 192
  end

193
  scope "/oauth", Pleroma.Web.OAuth do
lain's avatar
lain committed
194 195 196
    get("/authorize", OAuthController, :authorize)
    post("/authorize", OAuthController, :create_authorization)
    post("/token", OAuthController, :token_exchange)
197
    post("/revoke", OAuthController, :token_revoke)
198 199 200
  end

  scope "/api/v1", Pleroma.Web.MastodonAPI do
lain's avatar
lain committed
201
    pipe_through(:authenticated_api)
202

203 204
    scope [] do
      pipe_through(:oauth_read)
205

206 207
      get("/accounts/verify_credentials", MastodonAPIController, :verify_credentials)

208 209
      get("/accounts/relationships", MastodonAPIController, :relationships)
      get("/accounts/search", MastodonAPIController, :account_search)
210

211
      get("/accounts/:id/lists", MastodonAPIController, :account_lists)
212

213 214
      get("/follow_requests", MastodonAPIController, :follow_requests)
      get("/blocks", MastodonAPIController, :blocks)
215
      get("/mutes", MastodonAPIController, :mutes)
216

217 218
      get("/timelines/home", MastodonAPIController, :home_timeline)
      get("/timelines/direct", MastodonAPIController, :dm_timeline)
lain's avatar
lain committed
219

220 221
      get("/favourites", MastodonAPIController, :favourites)
      get("/bookmarks", MastodonAPIController, :bookmarks)
222

223 224 225 226
      post("/notifications/clear", MastodonAPIController, :clear_notifications)
      post("/notifications/dismiss", MastodonAPIController, :dismiss_notification)
      get("/notifications", MastodonAPIController, :notifications)
      get("/notifications/:id", MastodonAPIController, :get_notification)
227

228 229 230
      get("/lists", MastodonAPIController, :get_lists)
      get("/lists/:id", MastodonAPIController, :get_list)
      get("/lists/:id/accounts", MastodonAPIController, :list_accounts)
lain's avatar
lain committed
231

232
      get("/domain_blocks", MastodonAPIController, :domain_blocks)
233

234
      get("/filters", MastodonAPIController, :get_filters)
lain's avatar
lain committed
235

236
      get("/suggestions", MastodonAPIController, :suggestions)
eal's avatar
eal committed
237

238
      get("/endorsements", MastodonAPIController, :empty_array)
239

240
      get("/pleroma/flavour", MastodonAPIController, :get_flavour)
241
    end
eal's avatar
eal committed
242

243 244
    scope [] do
      pipe_through(:oauth_write)
245

246
      patch("/accounts/update_credentials", MastodonAPIController, :update_credentials)
Haelwenn's avatar
Haelwenn committed
247

248 249
      post("/statuses", MastodonAPIController, :post_status)
      delete("/statuses/:id", MastodonAPIController, :delete_status)
250

Ivan Tashkinov's avatar
Ivan Tashkinov committed
251 252 253 254 255 256 257 258 259 260
      post("/statuses/:id/reblog", MastodonAPIController, :reblog_status)
      post("/statuses/:id/unreblog", MastodonAPIController, :unreblog_status)
      post("/statuses/:id/favourite", MastodonAPIController, :fav_status)
      post("/statuses/:id/unfavourite", MastodonAPIController, :unfav_status)
      post("/statuses/:id/pin", MastodonAPIController, :pin_status)
      post("/statuses/:id/unpin", MastodonAPIController, :unpin_status)
      post("/statuses/:id/bookmark", MastodonAPIController, :bookmark_status)
      post("/statuses/:id/unbookmark", MastodonAPIController, :unbookmark_status)
      post("/statuses/:id/mute", MastodonAPIController, :mute_conversation)
      post("/statuses/:id/unmute", MastodonAPIController, :unmute_conversation)
261

262 263 264 265 266 267 268 269 270 271 272 273 274 275
      post("/media", MastodonAPIController, :upload)
      put("/media/:id", MastodonAPIController, :update_media)

      delete("/lists/:id", MastodonAPIController, :delete_list)
      post("/lists", MastodonAPIController, :create_list)
      put("/lists/:id", MastodonAPIController, :rename_list)

      post("/lists/:id/accounts", MastodonAPIController, :add_to_list)
      delete("/lists/:id/accounts", MastodonAPIController, :remove_from_list)

      post("/filters", MastodonAPIController, :create_filter)
      get("/filters/:id", MastodonAPIController, :get_filter)
      put("/filters/:id", MastodonAPIController, :update_filter)
      delete("/filters/:id", MastodonAPIController, :delete_filter)
276 277

      post("/pleroma/flavour/:flavour", MastodonAPIController, :set_flavour)
278 279 280 281 282 283 284 285 286 287 288
    end

    scope [] do
      pipe_through(:oauth_follow)

      post("/follows", MastodonAPIController, :follow)
      post("/accounts/:id/follow", MastodonAPIController, :follow)

      post("/accounts/:id/unfollow", MastodonAPIController, :unfollow)
      post("/accounts/:id/block", MastodonAPIController, :block)
      post("/accounts/:id/unblock", MastodonAPIController, :unblock)
289 290
      post("/accounts/:id/mute", MastodonAPIController, :mute)
      post("/accounts/:id/unmute", MastodonAPIController, :unmute)
291 292 293 294 295 296

      post("/follow_requests/:id/authorize", MastodonAPIController, :authorize_follow_request)
      post("/follow_requests/:id/reject", MastodonAPIController, :reject_follow_request)

      post("/domain_blocks", MastodonAPIController, :block_domain)
      delete("/domain_blocks", MastodonAPIController, :unblock_domain)
297 298 299 300
    end

    scope [] do
      pipe_through(:oauth_push)
301 302 303 304 305 306

      post("/push/subscription", MastodonAPIController, :create_push_subscription)
      get("/push/subscription", MastodonAPIController, :get_push_subscription)
      put("/push/subscription", MastodonAPIController, :update_push_subscription)
      delete("/push/subscription", MastodonAPIController, :delete_push_subscription)
    end
lain's avatar
lain committed
307 308
  end

309
  scope "/api/web", Pleroma.Web.MastodonAPI do
310
    pipe_through([:authenticated_api, :oauth_write])
311 312 313 314

    put("/settings", MastodonAPIController, :put_settings)
  end

315
  scope "/api/v1", Pleroma.Web.MastodonAPI do
lain's avatar
lain committed
316
    pipe_through(:api)
317

lain's avatar
lain committed
318 319 320 321 322
    get("/instance", MastodonAPIController, :masto_instance)
    get("/instance/peers", MastodonAPIController, :peers)
    post("/apps", MastodonAPIController, :create_app)
    get("/custom_emojis", MastodonAPIController, :custom_emojis)

323
    get("/statuses/:id/card", MastodonAPIController, :status_card)
324

lain's avatar
lain committed
325 326 327
    get("/statuses/:id/favourited_by", MastodonAPIController, :favourited_by)
    get("/statuses/:id/reblogged_by", MastodonAPIController, :reblogged_by)

Haelwenn's avatar
Haelwenn committed
328 329
    get("/trends", MastodonAPIController, :empty_array)

330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346
    scope [] do
      pipe_through(:oauth_read_or_unauthenticated)

      get("/timelines/public", MastodonAPIController, :public_timeline)
      get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
      get("/timelines/list/:list_id", MastodonAPIController, :list_timeline)

      get("/statuses/:id", MastodonAPIController, :get_status)
      get("/statuses/:id/context", MastodonAPIController, :get_context)

      get("/accounts/:id/statuses", MastodonAPIController, :user_statuses)
      get("/accounts/:id/followers", MastodonAPIController, :followers)
      get("/accounts/:id/following", MastodonAPIController, :following)
      get("/accounts/:id", MastodonAPIController, :user)

      get("/search", MastodonAPIController, :search)
    end
347 348
  end

349
  scope "/api/v2", Pleroma.Web.MastodonAPI do
350
    pipe_through([:api, :oauth_read_or_unauthenticated])
351 352 353
    get("/search", MastodonAPIController, :search2)
  end

lain's avatar
lain committed
354
  scope "/api", Pleroma.Web do
lain's avatar
lain committed
355
    pipe_through(:config)
dtluna's avatar
dtluna committed
356

lain's avatar
lain committed
357 358 359 360
    get("/help/test", TwitterAPI.UtilController, :help_test)
    post("/help/test", TwitterAPI.UtilController, :help_test)
    get("/statusnet/config", TwitterAPI.UtilController, :config)
    get("/statusnet/version", TwitterAPI.UtilController, :version)
361
    get("/pleroma/frontend_configurations", TwitterAPI.UtilController, :frontend_configurations)
lain's avatar
lain committed
362 363 364
  end

  scope "/api", Pleroma.Web do
lain's avatar
lain committed
365
    pipe_through(:api)
dtluna's avatar
dtluna committed
366

HJ's avatar
HJ committed
367
    post("/account/register", TwitterAPI.Controller, :register)
368
    post("/account/password_reset", TwitterAPI.Controller, :password_reset)
lain's avatar
lain committed
369

370 371
    post("/account/resend_confirmation_email", TwitterAPI.Controller, :resend_confirmation_email)

372 373 374 375 376 377
    get(
      "/account/confirm_email/:user_id/:token",
      TwitterAPI.Controller,
      :confirm_email,
      as: :confirm_email
    )
lain's avatar
lain committed
378

379 380 381 382 383 384 385 386 387 388 389 390
    scope [] do
      pipe_through(:oauth_read_or_unauthenticated)

      get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
      get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
      get("/users/show", TwitterAPI.Controller, :show_user)

      get("/statuses/followers", TwitterAPI.Controller, :followers)
      get("/statuses/friends", TwitterAPI.Controller, :friends)
      get("/statuses/blocks", TwitterAPI.Controller, :blocks)
      get("/statuses/show/:id", TwitterAPI.Controller, :fetch_status)
      get("/statusnet/conversation/:id", TwitterAPI.Controller, :fetch_conversation)
391

392 393 394
      get("/search", TwitterAPI.Controller, :search)
      get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
    end
395 396
  end

397
  scope "/api", Pleroma.Web do
398
    pipe_through([:api, :oauth_read_or_unauthenticated])
399 400 401 402 403 404 405 406 407 408 409 410

    get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)

    get(
      "/statuses/public_and_external_timeline",
      TwitterAPI.Controller,
      :public_and_external_timeline
    )

    get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline)
  end

411
  scope "/api", Pleroma.Web, as: :twitter_api_search do
412
    pipe_through([:api, :oauth_read_or_unauthenticated])
413 414 415 416
    get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
  end

  scope "/api", Pleroma.Web, as: :authenticated_twitter_api do
lain's avatar
lain committed
417
    pipe_through(:authenticated_api)
418

419 420
    get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
    delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
dtluna's avatar
dtluna committed
421

422 423 424
    scope [] do
      pipe_through(:oauth_read)

425 426 427
      get("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials)
      post("/account/verify_credentials", TwitterAPI.Controller, :verify_credentials)

428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443
      get("/statuses/home_timeline", TwitterAPI.Controller, :friends_timeline)
      get("/statuses/friends_timeline", TwitterAPI.Controller, :friends_timeline)
      get("/statuses/mentions", TwitterAPI.Controller, :mentions_timeline)
      get("/statuses/mentions_timeline", TwitterAPI.Controller, :mentions_timeline)
      get("/statuses/dm_timeline", TwitterAPI.Controller, :dm_timeline)
      get("/qvitter/statuses/notifications", TwitterAPI.Controller, :notifications)

      get("/pleroma/friend_requests", TwitterAPI.Controller, :friend_requests)

      get("/friends/ids", TwitterAPI.Controller, :friends_ids)
      get("/friendships/no_retweets/ids", TwitterAPI.Controller, :empty_array)

      get("/mutes/users/ids", TwitterAPI.Controller, :empty_array)
      get("/qvitter/mutes", TwitterAPI.Controller, :raw_empty_array)

      get("/externalprofile/show", TwitterAPI.Controller, :external_profile)
lain's avatar
lain committed
444

445 446
      post("/qvitter/statuses/notifications/read", TwitterAPI.Controller, :notifications_read)
    end
dtluna's avatar
dtluna committed
447

448 449
    scope [] do
      pipe_through(:oauth_write)
450

451 452 453
      post("/account/update_profile", TwitterAPI.Controller, :update_profile)
      post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
      post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
dtluna's avatar
dtluna committed
454

455 456 457 458
      post("/statuses/update", TwitterAPI.Controller, :status_update)
      post("/statuses/retweet/:id", TwitterAPI.Controller, :retweet)
      post("/statuses/unretweet/:id", TwitterAPI.Controller, :unretweet)
      post("/statuses/destroy/:id", TwitterAPI.Controller, :delete_post)
459

460 461
      post("/statuses/pin/:id", TwitterAPI.Controller, :pin)
      post("/statuses/unpin/:id", TwitterAPI.Controller, :unpin)
462

463 464 465
      post("/statusnet/media/upload", TwitterAPI.Controller, :upload)
      post("/media/upload", TwitterAPI.Controller, :upload_json)
      post("/media/metadata/create", TwitterAPI.Controller, :update_media)
dtluna's avatar
dtluna committed
466

467 468 469
      post("/favorites/create/:id", TwitterAPI.Controller, :favorite)
      post("/favorites/create", TwitterAPI.Controller, :favorite)
      post("/favorites/destroy/:id", TwitterAPI.Controller, :unfavorite)
dtluna's avatar
dtluna committed
470

471 472
      post("/qvitter/update_avatar", TwitterAPI.Controller, :update_avatar)
    end
dtluna's avatar
dtluna committed
473

474 475
    scope [] do
      pipe_through(:oauth_follow)
lain's avatar
lain committed
476

477 478
      post("/pleroma/friendships/approve", TwitterAPI.Controller, :approve_friend_request)
      post("/pleroma/friendships/deny", TwitterAPI.Controller, :deny_friend_request)
479

480 481
      post("/friendships/create", TwitterAPI.Controller, :follow)
      post("/friendships/destroy", TwitterAPI.Controller, :unfollow)
482

483 484 485
      post("/blocks/create", TwitterAPI.Controller, :block)
      post("/blocks/destroy", TwitterAPI.Controller, :unblock)
    end
lain's avatar
lain committed
486
  end
lain's avatar
lain committed
487

488 489 490 491
  pipeline :ap_relay do
    plug(:accepts, ["activity+json"])
  end

492
  pipeline :ostatus do
493
    plug(:accepts, ["html", "xml", "atom", "activity+json"])
494 495
  end

496 497 498 499
  pipeline :oembed do
    plug(:accepts, ["json", "xml"])
  end

lain's avatar
lain committed
500
  scope "/", Pleroma.Web do
lain's avatar
lain committed
501
    pipe_through(:ostatus)
502

lain's avatar
lain committed
503 504 505 506 507
    get("/objects/:uuid", OStatus.OStatusController, :object)
    get("/activities/:uuid", OStatus.OStatusController, :activity)
    get("/notice/:id", OStatus.OStatusController, :notice)
    get("/users/:nickname/feed", OStatus.OStatusController, :feed)
    get("/users/:nickname", OStatus.OStatusController, :feed_redirect)
lain's avatar
lain committed
508

href's avatar
href committed
509 510 511 512
    post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming)
    post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request)
    get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation)
    post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming)
513 514
  end

515 516 517 518 519 520
  scope "/", Pleroma.Web do
    pipe_through(:oembed)

    get("/oembed", OEmbed.OEmbedController, :url)
  end

lain's avatar
lain committed
521
  pipeline :activitypub do
lain's avatar
lain committed
522 523
    plug(:accepts, ["activity+json"])
    plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
lain's avatar
lain committed
524 525
  end

526 527
  scope "/", Pleroma.Web.ActivityPub do
    # XXX: not really ostatus
lain's avatar
lain committed
528
    pipe_through(:ostatus)
529

lain's avatar
lain committed
530 531 532
    get("/users/:nickname/followers", ActivityPubController, :followers)
    get("/users/:nickname/following", ActivityPubController, :following)
    get("/users/:nickname/outbox", ActivityPubController, :outbox)
533
    get("/objects/:uuid/likes", ActivityPubController, :object_likes)
534 535
  end

536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552
  pipeline :activitypub_client do
    plug(:accepts, ["activity+json"])
    plug(:fetch_session)
    plug(Pleroma.Plugs.OAuthPlug)
    plug(Pleroma.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Plugs.UserFetcherPlug)
    plug(Pleroma.Plugs.SessionAuthenticationPlug)
    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
    plug(Pleroma.Plugs.AuthenticationPlug)
    plug(Pleroma.Plugs.UserEnabledPlug)
    plug(Pleroma.Plugs.SetUserSessionIdPlug)
    plug(Pleroma.Plugs.EnsureUserKeyPlug)
  end

  scope "/", Pleroma.Web.ActivityPub do
    pipe_through([:activitypub_client])

553 554 555 556 557 558 559 560 561 562
    scope [] do
      pipe_through(:oauth_read)
      get("/api/ap/whoami", ActivityPubController, :whoami)
      get("/users/:nickname/inbox", ActivityPubController, :read_inbox)
    end

    scope [] do
      pipe_through(:oauth_write)
      post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
    end
563 564
  end

href's avatar
href committed
565 566 567 568
  scope "/relay", Pleroma.Web.ActivityPub do
    pipe_through(:ap_relay)
    get("/", ActivityPubController, :relay)
  end
569

href's avatar
href committed
570 571 572
  scope "/", Pleroma.Web.ActivityPub do
    pipe_through(:activitypub)
    post("/inbox", ActivityPubController, :inbox)
573
    post("/users/:nickname/inbox", ActivityPubController, :inbox)
href's avatar
href committed
574
  end
lain's avatar
lain committed
575

href's avatar
href committed
576 577
  scope "/.well-known", Pleroma.Web do
    pipe_through(:well_known)
lain's avatar
lain committed
578

href's avatar
href committed
579 580 581 582
    get("/host-meta", WebFinger.WebFingerController, :host_meta)
    get("/webfinger", WebFinger.WebFingerController, :webfinger)
    get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
  end
dashie's avatar
dashie committed
583

href's avatar
href committed
584 585
  scope "/nodeinfo", Pleroma.Web do
    get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
lain's avatar
lain committed
586
  end
lain's avatar
lain committed
587

lain's avatar
lain committed
588
  scope "/", Pleroma.Web.MastodonAPI do
lain's avatar
lain committed
589
    pipe_through(:mastodon_html)
lain's avatar
lain committed
590

lain's avatar
lain committed
591 592
    get("/web/login", MastodonAPIController, :login)
    delete("/auth/sign_out", MastodonAPIController, :logout)
593 594

    scope [] do
595
      pipe_through(:oauth_read_or_unauthenticated)
596 597
      get("/web/*path", MastodonAPIController, :index)
    end
lain's avatar
lain committed
598 599
  end

href's avatar
href committed
600 601
  pipeline :remote_media do
  end
lain's avatar
lain committed
602

href's avatar
href committed
603
  scope "/proxy/", Pleroma.Web.MediaProxy do
lain's avatar
lain committed
604
    pipe_through(:remote_media)
605

lain's avatar
lain committed
606
    get("/:sig/:url", MediaProxyController, :remote)
607
    get("/:sig/:url/:filename", MediaProxyController, :remote)
href's avatar
href committed
608 609
  end

610 611 612 613 614 615
  if Mix.env() == :dev do
    scope "/dev" do
      pipe_through([:mailbox_preview])

      forward("/mailbox", Plug.Swoosh.MailboxPreview, base_path: "/dev/mailbox")
    end
href's avatar
href committed
616 617
  end

lain's avatar
lain committed
618
  scope "/", Fallback do
HJ's avatar
HJ committed
619
    get("/registration/:token", RedirectController, :registration_page)
620 621
    get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta)
    get("/*path", RedirectController, :redirector)
622 623

    options("/*path", RedirectController, :empty)
lain's avatar
lain committed
624 625 626 627 628
  end
end

defmodule Fallback.RedirectController do
  use Pleroma.Web, :controller
629
  alias Pleroma.Web.Metadata
630
  alias Pleroma.User
lain's avatar
lain committed
631

632
  def redirector(conn, _params, code \\ 200) do
633 634
    conn
    |> put_resp_content_type("text/html")
635
    |> send_file(code, index_file_path())
636
  end
HJ's avatar
HJ committed
637

638 639 640 641 642 643 644 645 646
  def redirector_with_meta(conn, %{"maybe_nickname_or_id" => maybe_nickname_or_id} = params) do
    with %User{} = user <- User.get_cached_by_nickname_or_id(maybe_nickname_or_id) do
      redirector_with_meta(conn, %{user: user})
    else
      nil ->
        redirector(conn, params)
    end
  end

647
  def redirector_with_meta(conn, params) do
648
    {:ok, index_content} = File.read(index_file_path())
649
    tags = Metadata.build_tags(params)
650 651 652 653 654 655 656
    response = String.replace(index_content, "<!--server-generated-meta-->", tags)

    conn
    |> put_resp_content_type("text/html")
    |> send_resp(200, response)
  end

657
  def index_file_path do
raeno's avatar
raeno committed
658
    Pleroma.Plugs.InstanceStatic.file_path("index.html")
659 660
  end

HJ's avatar
HJ committed
661 662 663
  def registration_page(conn, params) do
    redirector(conn, params)
  end
664 665 666 667 668 669

  def empty(conn, _params) do
    conn
    |> put_status(204)
    |> text("")
  end
lain's avatar
lain committed
670
end