# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Router do
  use Pleroma.Web, :router
  import Phoenix.LiveDashboard.Router

  # Content negotiation only: accepts the "html" format.
  # Adds no session or authentication plugs.
  pipeline :accepts_html do
    plug(:accepts, ["html"])
  end

  # Content negotiation only: HTML plus the XML feed formats ("xml", "rss", "atom").
  pipeline :accepts_html_xml do
    plug(:accepts, ["html", "xml", "rss", "atom"])
  end

  # Content negotiation only: HTML plus JSON, including "activity+json".
  pipeline :accepts_html_json do
    plug(:accepts, ["html", "activity+json", "json"])
  end

  # Content negotiation only: HTML, the XML feed formats and JSON (including "activity+json").
  pipeline :accepts_html_xml_json do
    plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])
  end

  # Content negotiation only: XML feed formats, no HTML or JSON.
  pipeline :accepts_xml_rss_atom do
    plug(:accepts, ["xml", "rss", "atom"])
  end

  # HTML pipeline that also loads the session. It adds no authentication plug.
  # NOTE(review): no CSRF plug (e.g. :protect_from_forgery) is listed here — confirm that
  # state-changing routes piped through :browser are protected elsewhere.
  pipeline :browser do
    plug(:accepts, ["html"])
    plug(:fetch_session)
  end

  # Pipeline used by the /oauth/authorize routes. Plugs run top to bottom, so the session
  # is loaded before the OAuth plug executes.
  # NOTE(review): plug internals are not shown in this file; the ordering is what this
  # router guarantees, the checks themselves live in the plug modules.
  pipeline :oauth do
    plug(:fetch_session)
    plug(Pleroma.Web.Plugs.OAuthPlug)
    plug(Pleroma.Web.Plugs.UserEnabledPlug)
    plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
  end

  # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify)
  # NOTE(review): presumably this plug only records the expectation; the pipelines that use
  # it (:authenticated_api, :admin_api) add EnsureAuthenticatedPlug separately — confirm
  # which of the two actually rejects an unauthenticated request.
  pipeline :expect_user_authentication do
    plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug)
  end

  # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify)
  # NOTE(review): how "public instance" is determined is not visible here (presumably
  # instance configuration) — confirm before relying on :api to hide data on private instances.
  pipeline :expect_public_instance_or_user_authentication do
    plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug)
  end

  # Authentication chain shared by the API and HTML pipelines. Plugs run in the order
  # listed: OAuthPlug, BasicAuthDecoderPlug, UserFetcherPlug, AuthenticationPlug.
  # NOTE(review): nothing in this pipeline is named as an "ensure" step; rejection of
  # unauthenticated requests appears to be left to EnsureAuthenticatedPlug in the
  # pipelines that need it — confirm against the plug modules.
  pipeline :authenticate do
    plug(Pleroma.Web.Plugs.OAuthPlug)
    plug(Pleroma.Web.Plugs.BasicAuthDecoderPlug)
    plug(Pleroma.Web.Plugs.UserFetcherPlug)
    plug(Pleroma.Web.Plugs.AuthenticationPlug)
  end

  # Post-authentication steps, run after :authenticate by the API pipelines.
  # UserEnabledPlug comes first so the later session, token-assign and tracking plugs
  # run after the user-enabled check.
  # NOTE(review): presumably UserEnabledPlug drops disabled accounts — confirm in the plug.
  pipeline :after_auth do
    plug(Pleroma.Web.Plugs.UserEnabledPlug)
    plug(Pleroma.Web.Plugs.SetUserSessionIdPlug)
    plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
    plug(Pleroma.Web.Plugs.UserTrackingPlug)
  end

  # Base of every JSON API pipeline: JSON-only content negotiation, session loading,
  # the :authenticate chain, then the OpenAPI spec for Pleroma.Web.ApiSpec.
  # The session is fetched before :authenticate, so session data is available to the
  # authentication plugs.
  # NOTE(review): if those plugs accept session-backed credentials on API routes, the
  # state-changing endpoints need a CSRF story — confirm how OAuthPlug treats the session.
  pipeline :base_api do
    plug(:accepts, ["json"])
    plug(:fetch_session)
    plug(:authenticate)
    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  end

  # Shared API stack (:base_api, :after_auth, IdempotencyPlug) with no authentication or
  # instance-privacy expectation of its own. :app_api, :api and :authenticated_api build on
  # it; do not pipe a route through this pipeline directly unless it is meant to be
  # reachable without user authentication.
  pipeline :no_auth_or_privacy_expectations_api do
    plug(:base_api)
    plug(:after_auth)
    plug(Pleroma.Web.Plugs.IdempotencyPlug)
  end

  # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported)
  # Because no expectation plug is added, authorization for these routes rests entirely
  # on the controllers.
  pipeline :app_api do
    plug(:no_auth_or_privacy_expectations_api)
  end

  # General API pipeline: registers the "public instance or user authentication"
  # expectation, then runs the shared API stack. It does not add EnsureAuthenticatedPlug,
  # so routes here can be served to anonymous clients when the expectation allows it.
  pipeline :api do
    plug(:expect_public_instance_or_user_authentication)
    plug(:no_auth_or_privacy_expectations_api)
  end

  # API pipeline for routes that require a signed-in user: registers the user
  # authentication expectation, runs the shared API stack, then EnsureAuthenticatedPlug.
  # EnsureAuthenticatedPlug is last so it sees the result of the :authenticate chain.
  pipeline :authenticated_api do
    plug(:expect_user_authentication)
    plug(:no_auth_or_privacy_expectations_api)
    plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
  end

  # Admin API stack. Order matters: the regular authentication chain (:base_api) runs
  # first, AdminSecretAuthenticationPlug sits between it and :after_auth, and the
  # authenticated/staff checks come only after both have had a chance to set the user.
  # On its own this pipeline requires staff (UserIsStaffPlug); scopes add :require_admin
  # or :require_privileged_staff for stricter endpoints.
  # NOTE(review): presumably AdminSecretAuthenticationPlug authenticates with a configured
  # shared secret instead of a user token; if so, requests on that path are not tied to an
  # individual account and the secret needs the same care as an admin credential — confirm.
  pipeline :admin_api do
    plug(:expect_user_authentication)
    plug(:base_api)
    plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)
    plug(:after_auth)
    plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
    plug(Pleroma.Web.Plugs.UserIsStaffPlug)
    plug(Pleroma.Web.Plugs.IdempotencyPlug)
  end

  # Extra authorization layer stacked on top of :admin_api by the privileged-staff scope.
  # It performs no authentication itself, so it must never be used without :admin_api.
  pipeline :require_privileged_staff do
    plug(Pleroma.Web.Plugs.EnsureStaffPrivilegedPlug)
  end

  # Extra authorization layer stacked on top of :admin_api by the admin-only scope.
  # It performs no authentication itself, so it must never be used without :admin_api.
  pipeline :require_admin do
    plug(Pleroma.Web.Plugs.UserIsAdminPlug)
  end

  # HTML pages that need to know the current user: :browser (HTML + session), the
  # :authenticate chain, then EnsureUserTokenAssignsPlug.
  # No EnsureAuthenticatedPlug is added, so anonymous requests reach the controllers.
  pipeline :pleroma_html do
    plug(:browser)
    plug(:authenticate)
    plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
  end

  # Content negotiation only: JSON/JRD and XML/XRD formats. No session or
  # authentication plugs.
  pipeline :well_known do
    plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])
  end

  # JSON/XML content negotiation plus the OpenAPI spec. No session or authentication
  # plugs, so routes using it are unauthenticated at the router level.
  pipeline :config do
    plug(:accepts, ["json", "xml"])
    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  end

  # HTML/JSON content negotiation plus the OpenAPI spec. No session or authentication
  # plugs: every route piped only through :pleroma_api is reachable anonymously, and any
  # access control has to happen in the controller.
  pipeline :pleroma_api do
    plug(:accepts, ["html", "json"])
    plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
  end

  # HTML pipeline that overrides the Content-Security-Policy header with a relaxed policy.
  # Note: 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the XSS protection
  # CSP provides, so this pipeline should stay limited to the mailbox preview.
  # NOTE(review): the routes using it are not visible in this part of the file — confirm
  # they are only mounted in development.
  pipeline :mailbox_preview do
    plug(:accepts, ["html"])

    plug(:put_secure_browser_headers, %{
      "content-security-policy" =>
        "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'"
    })
  end

  # HTTP Signature handling: HTTPSignaturePlug runs first, MappedSignatureToIdentityPlug
  # second.
  # NOTE(review): presumably the first checks the request signature and the second maps it
  # to an actor identity; whether a missing or invalid signature halts the request is not
  # visible here — confirm in the plugs and in the controllers that rely on the result.
  pipeline :http_signature do
    plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
    plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)
  end

  # Runs the static frontend plug; the scopes below note that html is only supported
  # when the static FE is enabled.
  pipeline :static_fe do
    plug(Pleroma.Web.Plugs.StaticFEPlug)
  end

  # Anonymous utility endpoints: :pleroma_api adds no authentication, so everything in
  # this scope is reachable without credentials.
  scope "/api/v1/pleroma", Pleroma.Web.TwitterAPI do
    pipe_through(:pleroma_api)

    # NOTE(review): the reset token is part of the URL path, so it can end up in access
    # logs, browser history and Referer headers — confirm tokens are single-use and expire.
    get("/password_reset/:token", PasswordController, :reset, as: :reset_password)
    post("/password_reset", PasswordController, :do_reset, as: :reset_password)
    get("/emoji", UtilController, :emoji)
    get("/captcha", UtilController, :captcha)
    get("/healthcheck", UtilController, :healthcheck)
    post("/remote_interaction", UtilController, :remote_interaction)
  end

  # Uploader callback. :pleroma_api adds no authentication, so the router accepts this
  # POST from any client.
  # NOTE(review): :upload_path comes straight from the URL; confirm the controller
  # validates both the caller and the path before acting on it.
  scope "/api/v1/pleroma", Pleroma.Web do
    pipe_through(:pleroma_api)
    post("/uploader_callback/:upload_path", UploaderController, :callback)
  end

  # AdminAPI: only admins can perform these actions
  # Every route runs :admin_api (authenticated staff) and then :require_admin.
  # This scope is declared before the two staff scopes on the same path prefix; routes are
  # matched in definition order, so a path/verb repeated further down is handled here.
  scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
    pipe_through([:admin_api, :require_admin])

    put("/users/disable_mfa", AdminAPIController, :disable_mfa)

    get("/users/:nickname/permission_group", AdminAPIController, :right_get)
    get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)

    post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)

    delete(
      "/users/:nickname/permission_group/:permission_group",
      AdminAPIController,
      :right_delete
    )

    post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)

    delete(
      "/users/permission_group/:permission_group",
      AdminAPIController,
      :right_delete_multiple
    )

    post("/users/follow", UserController, :follow)
    post("/users/unfollow", UserController, :unfollow)
    post("/users", UserController, :create)

    patch("/users/suggest", UserController, :suggest)
    patch("/users/unsuggest", UserController, :unsuggest)

    get("/relay", RelayController, :index)
    post("/relay", RelayController, :follow)
    delete("/relay", RelayController, :unfollow)

    patch("/users/force_password_reset", AdminAPIController, :force_password_reset)
    get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials)
    # Note: the same PATCH path is declared again in the privileged-staff scope below.
    # This declaration comes first, so it is the one that matches and the request is
    # subject to :require_admin.
    patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)

    get("/instance_document/:name", InstanceDocumentController, :show)
    patch("/instance_document/:name", InstanceDocumentController, :update)
    delete("/instance_document/:name", InstanceDocumentController, :delete)

    patch("/users/confirm_email", AdminAPIController, :confirm_email)
    patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email)

    get("/config", ConfigController, :show)
    post("/config", ConfigController, :update)
    get("/config/descriptions", ConfigController, :descriptions)
    get("/need_reboot", AdminAPIController, :need_reboot)
    # NOTE(review): /restart is named as a state-changing action but is exposed over GET;
    # POST is the usual verb for non-idempotent operations — confirm clients before changing.
    get("/restart", AdminAPIController, :restart)

    get("/oauth_app", OAuthAppController, :index)
    post("/oauth_app", OAuthAppController, :create)
    patch("/oauth_app/:id", OAuthAppController, :update)
    delete("/oauth_app/:id", OAuthAppController, :delete)

    get("/media_proxy_caches", MediaProxyCacheController, :index)
    post("/media_proxy_caches/delete", MediaProxyCacheController, :delete)
    post("/media_proxy_caches/purge", MediaProxyCacheController, :purge)

    get("/frontends", FrontendController, :index)
    post("/frontends/install", FrontendController, :install)

    post("/backups", AdminAPIController, :create_backup)

    get("/webhooks", WebhookController, :index)
    get("/webhooks/:id", WebhookController, :show)
    post("/webhooks", WebhookController, :create)
    patch("/webhooks/:id", WebhookController, :update)
    delete("/webhooks/:id", WebhookController, :delete)
    post("/webhooks/:id/enable", WebhookController, :enable)
    post("/webhooks/:id/disable", WebhookController, :disable)
    post("/webhooks/:id/rotate_secret", WebhookController, :rotate_secret)
  end

  # AdminAPI: admins and mods (staff) can perform these actions (if enabled by config)
  # Every route runs :admin_api and then :require_privileged_staff.
  scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
    pipe_through([:admin_api, :require_privileged_staff])

    delete("/users", UserController, :delete)

    get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)
    # NOTE(review): PATCH on this path is already declared in the admin-only scope above.
    # Routes are matched in definition order, so this declaration looks unreachable and the
    # request stays admin-only — confirm whether moderators were meant to get access.
    patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)

    get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)
    get("/users/:nickname/chats", AdminAPIController, :list_user_chats)

    get("/statuses", StatusController, :index)

    get("/chats/:id", ChatController, :show)
    get("/chats/:id/messages", ChatController, :messages)
  end

  # AdminAPI: admins and mods (staff) can perform these actions
  # Only :admin_api applies here, so the staff check in that pipeline is the sole
  # authorization gate for these routes.
  scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do
    pipe_through(:admin_api)

    put("/users/tag", AdminAPIController, :tag_users)
    delete("/users/tag", AdminAPIController, :untag_users)

    patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)
    patch("/users/activate", UserController, :activate)
    patch("/users/deactivate", UserController, :deactivate)
    patch("/users/approve", UserController, :approve)

    post("/users/invite_token", InviteController, :create)
    get("/users/invites", InviteController, :index)
    post("/users/revoke_invite", InviteController, :revoke)
    post("/users/email_invite", InviteController, :email)

    get("/users", UserController, :index)
    # Keep this wildcard after the literal GET /users/... routes (such as /users/invites):
    # an earlier :nickname match would capture them.
    get("/users/:nickname", UserController, :show)

    get("/instances/:instance/statuses", InstanceController, :list_statuses)
    delete("/instances/:instance", InstanceController, :delete)

    get("/reports", ReportController, :index)
    get("/reports/:id", ReportController, :show)
    patch("/reports", ReportController, :update)
    post("/reports/:id/notes", ReportController, :notes_create)
    delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)

    get("/statuses/:id", StatusController, :show)
    put("/statuses/:id", StatusController, :update)
    delete("/statuses/:id", StatusController, :delete)

    get("/moderation_log", AdminAPIController, :list_log)

    post("/reload_emoji", AdminAPIController, :reload_emoji)
    get("/stats", AdminAPIController, :stats)

    delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
  end

  # Emoji pack API. Each path prefix is declared twice: once under :admin_api for the
  # modifying routes and once under :api for the read-only ones.
  scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do
    scope "/pack" do
      pipe_through(:admin_api)

      post("/", EmojiPackController, :create)
      patch("/", EmojiPackController, :update)
      delete("/", EmojiPackController, :delete)
    end

    scope "/pack" do
      pipe_through(:api)

      get("/", EmojiPackController, :show)
    end

    # Modifying packs
    scope "/packs" do
      pipe_through(:admin_api)

      # NOTE(review): /import is named as a state-changing action (import from the
      # filesystem) but is exposed over GET — confirm this is intended.
      get("/import", EmojiPackController, :import_from_filesystem)
      get("/remote", EmojiPackController, :remote)
      post("/download", EmojiPackController, :download)

      post("/files", EmojiFileController, :create)
      patch("/files", EmojiFileController, :update)
      delete("/files", EmojiFileController, :delete)
    end

    # Pack info / downloading
    scope "/packs" do
      pipe_through(:api)

      get("/", EmojiPackController, :index)
      get("/archive", EmojiPackController, :archive)
    end
  end

  # Remote subscribe/follow pages. :pleroma_html resolves the current user but does not
  # require one, so anonymous requests reach these controllers.
  # NOTE(review): the POST routes here are session-backed HTML forms and :pleroma_html
  # lists no CSRF plug — confirm how request forgery is prevented for them.
  scope "/", Pleroma.Web.TwitterAPI do
    pipe_through(:pleroma_html)

    post("/main/ostatus", UtilController, :remote_subscribe)
    get("/ostatus_subscribe", RemoteFollowController, :follow)
    post("/ostatus_subscribe", RemoteFollowController, :do_follow)
  end

  # Sensitive account operations (email/password change, account deletion and disabling).
  # All of them require an authenticated user via :authenticated_api.
  # NOTE(review): presumably the controller also asks for the current password on these
  # actions; that is not visible from the router — confirm.
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
    pipe_through(:authenticated_api)

    post("/change_email", UtilController, :change_email)
    post("/change_password", UtilController, :change_password)
    post("/delete_account", UtilController, :delete_account)
    # Note: the action atom is spelled `update_notificaton_settings`; it has to match the
    # controller function name, so it cannot be corrected in the router alone.
    put("/notification_settings", UtilController, :update_notificaton_settings)
    post("/disable_account", UtilController, :disable_account)
  end

  # Relationship imports and the user's own MFA management. Every route requires an
  # authenticated user via :authenticated_api.
  scope "/api/pleroma", Pleroma.Web.PleromaAPI do
    pipe_through(:authenticated_api)

    post("/mutes_import", UserImportController, :mutes)
    post("/blocks_import", UserImportController, :blocks)
    post("/follow_import", UserImportController, :follow)

    get("/accounts/mfa", TwoFactorAuthenticationController, :settings)
    get("/accounts/mfa/backup_codes", TwoFactorAuthenticationController, :backup_codes)
    get("/accounts/mfa/setup/:method", TwoFactorAuthenticationController, :setup)
    post("/accounts/mfa/confirm/:method", TwoFactorAuthenticationController, :confirm)
    delete("/accounts/mfa/:method", TwoFactorAuthenticationController, :disable)
  end

  # OAuth endpoints. The scope has no pipe_through of its own: the first three routes run
  # with no pipeline from this router, and each nested scope picks exactly the plugs it needs.
  scope "/oauth", Pleroma.Web.OAuth do
    # Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user

    # No pipeline applies to these three routes (no session, no authentication plugs).
    get("/registration_details", OAuthController, :registration_details)

    post("/mfa/verify", MFAController, :verify, as: :mfa_verify)
    get("/mfa", MFAController, :show)

    scope [] do
      pipe_through(:oauth)

      get("/authorize", OAuthController, :authorize)
      post("/authorize", OAuthController, :create_authorization)
    end

    # Token endpoints: only the session is loaded here; client and grant validation is
    # left to the controller.
    scope [] do
      pipe_through(:fetch_session)

      post("/token", OAuthController, :token_exchange)
      post("/revoke", OAuthController, :token_revoke)
      post("/mfa/challenge", MFAController, :challenge)
    end

    scope [] do
      pipe_through(:browser)

      get("/prepare_request", OAuthController, :prepare_request)
      # Keep the /:provider wildcards after every literal GET route in this scope
      # (/registration_details, /mfa, /authorize, /prepare_request): routes are matched in
      # definition order and an earlier wildcard would capture them.
      get("/:provider", OAuthController, :request)
      get("/:provider/callback", OAuthController, :callback)
      post("/register", OAuthController, :register)
    end
  end

  # Read-only routes behind :api (public instance or authenticated user).
  # NOTE(review): /apps is routed through :api rather than :authenticated_api; presumably
  # the controller restricts the listing to the caller's own apps — confirm.
  scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
    pipe_through(:api)

    get("/apps", AppController, :index)
    get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index)
    get("/statuses/:id/reactions", EmojiReactionController, :index)
  end

  # Report listing for authenticated users (not the admin report routes, which live
  # under /api/v1/pleroma/admin).
  # NOTE(review): presumably limited to the caller's own reports by the controller — confirm.
  scope "/api/v0/pleroma", Pleroma.Web.PleromaAPI do
    pipe_through(:authenticated_api)
    get("/reports", ReportController, :index)
    get("/reports/:id", ReportController, :show)
  end

  # Pleroma-specific API. The outer scope has no pipe_through; each nested scope selects
  # :authenticated_api or :api, and the final route sits outside all of them.
  scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
    scope [] do
      pipe_through(:authenticated_api)

      post("/chats/by-account-id/:id", ChatController, :create)
      get("/chats", ChatController, :index)
      get("/chats/:id", ChatController, :show)
      get("/chats/:id/messages", ChatController, :messages)
      post("/chats/:id/messages", ChatController, :post_chat_message)
      delete("/chats/:id/messages/:message_id", ChatController, :delete_message)
      post("/chats/:id/read", ChatController, :mark_as_read)
      post("/chats/:id/messages/:message_id/read", ChatController, :mark_message_as_read)

      get("/conversations/:id/statuses", ConversationController, :statuses)
      get("/conversations/:id", ConversationController, :show)
      post("/conversations/read", ConversationController, :mark_as_read)
      patch("/conversations/:id", ConversationController, :update)

      put("/statuses/:id/reactions/:emoji", EmojiReactionController, :create)
      delete("/statuses/:id/reactions/:emoji", EmojiReactionController, :delete)
      post("/notifications/read", NotificationController, :mark_as_read)

      get("/mascot", MascotController, :show)
      put("/mascot", MascotController, :update)

      post("/scrobble", ScrobbleController, :create)

      get("/backups", BackupController, :index)
      post("/backups", BackupController, :create)
    end

    scope [] do
      pipe_through(:api)
      get("/accounts/:id/favourites", AccountController, :favourites)
      get("/accounts/:id/endorsements", AccountController, :endorsements)
    end

    scope [] do
      pipe_through(:authenticated_api)

      post("/accounts/:id/subscribe", AccountController, :subscribe)
      post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)

      get("/birthdays", AccountController, :birthdays)
    end

    # Declared outside the nested scopes, so no pipeline from this router applies:
    # no content negotiation, session or authentication plugs run for this route.
    # NOTE(review): an anonymous endpoint that sends email is a candidate for abuse;
    # confirm the controller rate-limits it.
    post("/accounts/confirmation_resend", AccountController, :confirmation_resend)
  end

  # Read-only routes behind :api (public instance or authenticated user).
  scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do
    pipe_through(:api)
    get("/accounts/:id/scrobbles", ScrobbleController, :index)
    get("/federation_status", InstancesController, :show)
  end

  # v2 chat listing; requires an authenticated user via :authenticated_api.
  scope "/api/v2/pleroma", Pleroma.Web.PleromaAPI do
    scope [] do
      pipe_through(:authenticated_api)
      get("/chats", ChatController, :index2)
    end
  end

  # Mastodon API routes that require a signed-in user. :authenticated_api ends with
  # EnsureAuthenticatedPlug, so nothing in this scope is meant to be served anonymously.
  # This scope is declared before the :app_api and :api scopes on the same prefix, so for a
  # path/verb that could match in several scopes this one takes precedence.
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:authenticated_api)

    get("/accounts/verify_credentials", AccountController, :verify_credentials)
    patch("/accounts/update_credentials", AccountController, :update_credentials)

    get("/accounts/relationships", AccountController, :relationships)
    get("/accounts/:id/lists", AccountController, :lists)
    get("/accounts/:id/identity_proofs", AccountController, :identity_proofs)
    get("/endorsements", AccountController, :endorsements)
    get("/blocks", AccountController, :blocks)
    get("/mutes", AccountController, :mutes)

    post("/follows", AccountController, :follow_by_uri)
    post("/accounts/:id/follow", AccountController, :follow)
    post("/accounts/:id/unfollow", AccountController, :unfollow)
    post("/accounts/:id/block", AccountController, :block)
    post("/accounts/:id/unblock", AccountController, :unblock)
    post("/accounts/:id/mute", AccountController, :mute)
    post("/accounts/:id/unmute", AccountController, :unmute)
    post("/accounts/:id/note", AccountController, :note)
    post("/accounts/:id/pin", AccountController, :endorse)
    post("/accounts/:id/unpin", AccountController, :unendorse)

    get("/conversations", ConversationController, :index)
    post("/conversations/:id/read", ConversationController, :mark_as_read)
    delete("/conversations/:id", ConversationController, :delete)

    get("/domain_blocks", DomainBlockController, :index)
    post("/domain_blocks", DomainBlockController, :create)
    delete("/domain_blocks", DomainBlockController, :delete)

    get("/filters", FilterController, :index)

    post("/filters", FilterController, :create)
    get("/filters/:id", FilterController, :show)
    put("/filters/:id", FilterController, :update)
    delete("/filters/:id", FilterController, :delete)

    get("/follow_requests", FollowRequestController, :index)
    post("/follow_requests/:id/authorize", FollowRequestController, :authorize)
    post("/follow_requests/:id/reject", FollowRequestController, :reject)

    get("/lists", ListController, :index)
    get("/lists/:id", ListController, :show)
    get("/lists/:id/accounts", ListController, :list_accounts)

    delete("/lists/:id", ListController, :delete)
    post("/lists", ListController, :create)
    put("/lists/:id", ListController, :update)
    post("/lists/:id/accounts", ListController, :add_to_list)
    delete("/lists/:id/accounts", ListController, :remove_from_list)

    get("/markers", MarkerController, :index)
    post("/markers", MarkerController, :upsert)

    post("/media", MediaController, :create)
    get("/media/:id", MediaController, :show)
    put("/media/:id", MediaController, :update)

    get("/notifications", NotificationController, :index)
    get("/notifications/:id", NotificationController, :show)

    post("/notifications/:id/dismiss", NotificationController, :dismiss)
    post("/notifications/clear", NotificationController, :clear)
    delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)
    # Deprecated: was removed in Mastodon v3, use `/notifications/:id/dismiss` instead
    post("/notifications/dismiss", NotificationController, :dismiss_via_body)

    post("/polls/:id/votes", PollController, :vote)

    post("/reports", ReportController, :create)

    get("/scheduled_statuses", ScheduledActivityController, :index)
    get("/scheduled_statuses/:id", ScheduledActivityController, :show)

    put("/scheduled_statuses/:id", ScheduledActivityController, :update)
    delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)

    # Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication
    get("/favourites", StatusController, :favourites)
    get("/bookmarks", StatusController, :bookmarks)

    post("/statuses", StatusController, :create)
    delete("/statuses/:id", StatusController, :delete)
    post("/statuses/:id/reblog", StatusController, :reblog)
    post("/statuses/:id/unreblog", StatusController, :unreblog)
    post("/statuses/:id/favourite", StatusController, :favourite)
    post("/statuses/:id/unfavourite", StatusController, :unfavourite)
    post("/statuses/:id/pin", StatusController, :pin)
    post("/statuses/:id/unpin", StatusController, :unpin)
    post("/statuses/:id/bookmark", StatusController, :bookmark)
    post("/statuses/:id/unbookmark", StatusController, :unbookmark)
    post("/statuses/:id/mute", StatusController, :mute_conversation)
    post("/statuses/:id/unmute", StatusController, :unmute_conversation)

    post("/push/subscription", SubscriptionController, :create)
    get("/push/subscription", SubscriptionController, :show)
    put("/push/subscription", SubscriptionController, :update)
    delete("/push/subscription", SubscriptionController, :delete)

    get("/suggestions", SuggestionController, :index)
    delete("/suggestions/:account_id", SuggestionController, :dismiss)

    get("/timelines/home", TimelineController, :home)
    get("/timelines/direct", TimelineController, :direct)
    get("/timelines/list/:list_id", TimelineController, :list)
  end

  # App registration and app-token verification. :app_api adds no user-authentication
  # expectation, so POST /apps is reachable without credentials.
  # NOTE(review): open client registration is a common target for automated abuse;
  # confirm rate limiting is applied in the controller or in front of the application.
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:app_api)

    post("/apps", AppController, :create)
    get("/apps/verify_credentials", AppController, :verify_credentials)
  end

  # Mastodon API routes behind :api: served to authenticated users, and to anonymous
  # clients when the "public instance" expectation allows it. Visibility of individual
  # accounts and statuses is decided by the controllers.
  scope "/api/v1", Pleroma.Web.MastodonAPI do
    pipe_through(:api)

    get("/accounts/search", SearchController, :account_search)
    get("/search", SearchController, :search)

    get("/accounts/lookup", AccountController, :lookup)

    get("/accounts/:id/statuses", AccountController, :statuses)
    get("/accounts/:id/followers", AccountController, :followers)
    get("/accounts/:id/following", AccountController, :following)
    get("/accounts/:id", AccountController, :show)

    # Account registration: the only state-changing route in this scope, and it does not
    # pass through EnsureAuthenticatedPlug.
    # NOTE(review): presumably the controller requires an app token and applies
    # captcha/rate limits — confirm.
    post("/accounts", AccountController, :create)

    get("/instance", InstanceController, :show)
    get("/instance/peers", InstanceController, :peers)

    get("/statuses", StatusController, :index)
    get("/statuses/:id", StatusController, :show)
    get("/statuses/:id/context", StatusController, :context)
    get("/statuses/:id/card", StatusController, :card)
    get("/statuses/:id/favourited_by", StatusController, :favourited_by)
    get("/statuses/:id/reblogged_by", StatusController, :reblogged_by)

    get("/custom_emojis", CustomEmojiController, :index)

    get("/trends", MastodonAPIController, :empty_array)

    get("/timelines/public", TimelineController, :public)
    get("/timelines/tag/:tag", TimelineController, :hashtag)

    get("/polls/:id", PollController, :show)

    get("/directory", DirectoryController, :index)
  end

  # Mastodon API v2 routes, all behind :api.
  scope "/api/v2", Pleroma.Web.MastodonAPI do
    pipe_through(:api)
    get("/search", SearchController, :search2)

    # NOTE(review): POST /api/v1/media is routed through :authenticated_api, but this v2
    # upload only goes through :api, which does not add EnsureAuthenticatedPlug.
    # Presumably the controller enforces authentication for uploads — confirm.
    post("/media", MediaController, :create2)

    # NOTE(review): GET /api/v1/suggestions requires authentication at the router level;
    # this v2 variant does not — confirm that is intended.
    get("/suggestions", SuggestionController, :index2)
  end

  # Frontend configuration, served anonymously (:config adds no authentication).
  # Anything returned here is public, so it must not contain secrets.
  scope "/api", Pleroma.Web do
    pipe_through(:config)

    get("/pleroma/frontend_configurations", TwitterAPI.UtilController, :frontend_configurations)
  end

  # Email confirmation link target, behind :api.
  # NOTE(review): the confirmation token is part of the URL path, so it can appear in
  # access logs and Referer headers — confirm tokens are single-use.
  scope "/api", Pleroma.Web do
    pipe_through(:api)

    get(
      "/account/confirm_email/:user_id/:token",
      TwitterAPI.Controller,
      :confirm_email,
      as: :confirm_email
    )
  end

  # Serves the rendered OpenAPI spec. :base_api runs the authentication chain but adds no
  # "ensure authenticated" step, so the spec is available to anonymous clients.
  scope "/api" do
    pipe_through(:base_api)

    get("/openapi", OpenApiSpex.Plug.RenderSpec, [])
  end

  # Listing and revoking OAuth tokens; requires an authenticated user.
  # NOTE(review): presumably the controller restricts :id to tokens owned by the caller;
  # that ownership check is not visible from the router — confirm.
  scope "/api", Pleroma.Web, as: :authenticated_twitter_api do
    pipe_through(:authenticated_api)

    get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)
    delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)
  end

  # Object, activity and notice pages. Plugs run in the listed order: content
  # negotiation, HTTP signature handling, then the static frontend.
  scope "/", Pleroma.Web do
    # Note: html format is supported only if static FE is enabled
    # Note: http signature is only considered for json requests (no auth for non-json requests)
    pipe_through([:accepts_html_json, :http_signature, :static_fe])

    get("/objects/:uuid", OStatus.OStatusController, :object)
    get("/activities/:uuid", OStatus.OStatusController, :activity)
    get("/notice/:id", OStatus.OStatusController, :notice)

    # Notice compatibility routes for other frontends
    get("/@:nickname/:id", OStatus.OStatusController, :notice)
    get("/@:nickname/posts/:id", OStatus.OStatusController, :notice)
    # Note: this pattern starts with a wildcard segment, so it matches any two-segment
    # path ending in /status/:id that no earlier route has claimed.
    get("/:nickname/status/:id", OStatus.OStatusController, :notice)

    # Mastodon compatibility routes
    get("/users/:nickname/statuses/:id", OStatus.OStatusController, :object)
    get("/users/:nickname/statuses/:id/activity", OStatus.OStatusController, :activity)
  end

  # User URL that answers in several formats (HTML, XML/RSS/Atom, JSON).
  scope "/", Pleroma.Web do
    # Note: html format is supported only if static FE is enabled
    # Note: http signature is only considered for json requests (no auth for non-json requests)
    pipe_through([:accepts_html_xml_json, :http_signature, :static_fe])

    # Note: returns user _profile_ for json requests, redirects to user _feed_ for non-json ones
    get("/users/:nickname", Feed.UserController, :feed_redirect, as: :user_feed)
  end

  # User feed in HTML or XML/RSS/Atom. No :http_signature plug is applied here,
  # so this route is served without router-level authentication.
  scope "/", Pleroma.Web do
    # Note: html format is supported only if static FE is enabled
    pipe_through([:accepts_html_xml, :static_fe])

    get("/users/:nickname/feed", Feed.UserController, :feed, as: :user_feed)
  end

  # HTML-only player page for a single notice.
  # NOTE(review): presumably meant to be embedded by third-party pages; confirm that any
  # relaxed framing / CSP headers are limited to this route.
  scope "/", Pleroma.Web do
    pipe_through(:accepts_html)
    get("/notice/:id/embed_player", OStatus.OStatusController, :notice_player)
  end

  # Hashtag feed, offered only as XML/RSS/Atom.
  scope "/", Pleroma.Web do
    pipe_through(:accepts_xml_rss_atom)
    get("/tags/:tag", Feed.TagController, :feed, as: :tag_feed)
  end

  # Unsubscribe link used in outgoing mail; the token in the path is the only credential.
  # NOTE(review): presumably a state-changing GET, so mail scanners and link prefetchers
  # that follow the URL could trigger it; confirm the token is unguessable and that
  # unsubscribing this way is acceptable.
  scope "/", Pleroma.Web do
    pipe_through(:browser)
    get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)
  end

  # Content negotiation for ActivityPub endpoints: only "activity+json" and "json" are
  # accepted. This pipeline performs no authentication by itself.
  pipeline :ap_service_actor do
    plug(:accepts, ["activity+json", "json"])
  end

  # Server to Server (S2S) AP interactions
  # Combines the JSON-only content negotiation with HTTP signature handling.
  # NOTE(review): :http_signature is defined outside this section; confirm whether it
  # rejects unsigned requests itself or only records the result for the controller.
  pipeline :activitypub do
    plug(:ap_service_actor)
    plug(:http_signature)
  end

  # Client to Server (C2S) AP interactions
  # Unlike the S2S pipeline, requests are authenticated as a local user
  # (session + :authenticate + :after_auth) rather than by HTTP signature.
  pipeline :activitypub_client do
    plug(:ap_service_actor)
    plug(:fetch_session)
    plug(:authenticate)
    plug(:after_auth)
  end

  # C2S ActivityPub endpoints: identity, inbox/outbox access and media upload.
  # NOTE(review): the routes take :nickname from the path; confirm the controller checks
  # it against the authenticated user before exposing an inbox or accepting outbox posts.
  scope "/", Pleroma.Web.ActivityPub do
    pipe_through([:activitypub_client])

    get("/api/ap/whoami", ActivityPubController, :whoami)
    get("/users/:nickname/inbox", ActivityPubController, :read_inbox)

    get("/users/:nickname/outbox", ActivityPubController, :outbox)
    post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
    post("/api/ap/upload_media", ActivityPubController, :upload_media)

    # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
    get("/users/:nickname/followers", ActivityPubController, :followers)
    get("/users/:nickname/following", ActivityPubController, :following)
    get("/users/:nickname/collections/featured", ActivityPubController, :pinned)
  end

  # S2S delivery: shared inbox and per-user inbox. Both go through :activitypub,
  # i.e. JSON-only content negotiation plus HTTP signature handling.
  scope "/", Pleroma.Web.ActivityPub do
    pipe_through(:activitypub)
    post("/inbox", ActivityPubController, :inbox)
    post("/users/:nickname/inbox", ActivityPubController, :inbox)
  end

  # Relay actor. The actor document and its collections are plain JSON GETs; only the
  # inbox POST, inside the nested scope, additionally passes through :http_signature.
  scope "/relay", Pleroma.Web.ActivityPub do
    pipe_through(:ap_service_actor)

    get("/", ActivityPubController, :relay)

    # Nested scope with no extra path prefix, used only to add the signature plug.
    scope [] do
      pipe_through(:http_signature)
      post("/inbox", ActivityPubController, :inbox)
    end

    get("/following", ActivityPubController, :relay_following)
    get("/followers", ActivityPubController, :relay_followers)
  end

  # Internal fetch actor and its inbox.
  # NOTE(review): unlike the /relay inbox, this POST /inbox is piped only through
  # :ap_service_actor and not through :http_signature at the router level; confirm the
  # :inbox action rejects or ignores unsigned deliveries on this path.
  scope "/internal/fetch", Pleroma.Web.ActivityPub do
    pipe_through(:ap_service_actor)

    get("/", ActivityPubController, :internal_fetch)
    post("/inbox", ActivityPubController, :inbox)
  end

  # Discovery endpoints (host-meta, WebFinger, NodeInfo schema list) under /.well-known,
  # served through the :well_known pipeline defined outside this section.
  scope "/.well-known", Pleroma.Web do
    pipe_through(:well_known)

    get("/host-meta", WebFinger.WebFingerController, :host_meta)
    get("/webfinger", WebFinger.WebFingerController, :webfinger)
    get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
  end

  # NodeInfo document for a given schema version. No pipe_through is declared, so no
  # router pipeline runs for this route.
  scope "/nodeinfo", Pleroma.Web do
    get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
  end

  # Web app manifest, served through the :api pipeline.
  scope "/", Pleroma.Web do
    pipe_through(:api)

    get("/manifest.json", ManifestController, :show)
  end

  # Password reset request.
  # NOTE(review): presumably triggers a reset e-mail; confirm in PasswordController that
  # the response does not reveal whether the account exists and that requests are rate
  # limited.
  scope "/", Pleroma.Web do
    pipe_through(:pleroma_html)

    post("/auth/password", TwitterAPI.PasswordController, :request)
  end

  # Media proxy. No pipe_through is declared; every request carries :sig and :url in the
  # path.
  # NOTE(review): presumably :sig authenticates :url; confirm the controller verifies it
  # before fetching anything, so the endpoint cannot be used to make the server request
  # arbitrary URLs.
  scope "/proxy/", Pleroma.Web do
    get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)
    get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)
    get("/:sig/:url", MediaProxy.MediaProxyController, :remote)
    get("/:sig/:url/:filename", MediaProxy.MediaProxyController, :remote)
  end

  # This `if` sits in the module body, so it is evaluated when the router is compiled:
  # the /dev routes exist only in a build where :env is :dev.
  # The Swoosh mailbox preview displays captured outgoing mail, which can include
  # confirmation and password-reset links, so it must not be reachable in production.
  if Pleroma.Config.get(:env) == :dev do
    scope "/dev" do
      pipe_through([:mailbox_preview])

      forward("/mailbox", Plug.Swoosh.MailboxPreview, base_path: "/dev/mailbox")
    end
  end

  # Phoenix LiveDashboard. It exposes runtime internals of the node, so the route is
  # gated by both :authenticate and :require_admin; keep both when editing this scope.
  scope "/" do
    pipe_through([:pleroma_html, :authenticate, :require_admin])
    live_dashboard("/phoenix/live_dashboard")
  end

  # Test-only routes needed to test action dispatching and plug chain execution
  # The condition is evaluated when the router is compiled, so these routes are only
  # present in a build where :env is :test.
  if Pleroma.Config.get(:env) == :test do
    # Actions of Pleroma.Tests.AuthTestController; one GET route per action is generated
    # under each of the two scopes below.
    @test_actions [
      :do_oauth_check,
      :fallback_oauth_check,
      :skip_oauth_check,
      :fallback_oauth_skip_publicity_check,
      :skip_oauth_skip_publicity_check,
      :missing_oauth_check_definition
    ]

    # Same actions behind the :api pipeline.
    scope "/test/api", Pleroma.Tests do
      pipe_through(:api)

      for action <- @test_actions do
        get("/#{action}", AuthTestController, action)
      end
    end

    # Same actions behind the :authenticated_api pipeline.
    scope "/test/authenticated_api", Pleroma.Tests do
      pipe_through(:authenticated_api)

      for action <- @test_actions do
        get("/#{action}", AuthTestController, action)
      end
    end
  end

  # MongooseIM integration: account-existence and password checks.
  # No pipe_through is declared, so no router pipeline (and no router-level
  # authentication) runs for these routes.
  # NOTE(review): presumably intended for a trusted MongooseIM server only. Confirm that
  # access is restricted and rate limited, since the two endpoints together allow user
  # enumeration and password guessing, and that any credentials sent as GET parameters
  # are kept out of request logs.
  scope "/", Pleroma.Web.MongooseIM do
    get("/user_exists", MongooseIMController, :user_exists)
    get("/check_password", MongooseIMController, :check_password)
  end

  # Catch-all routes. Phoenix matches routes in declaration order, so this scope has to
  # stay after every specific route: "/:maybe_nickname_or_id" and "/*path" would otherwise
  # shadow them. Within the scope the order matters for the same reason
  # ("/api/pleroma*path" before "/api*path" before "/*path").
  scope "/", Pleroma.Web.Fallback do
    get("/registration/:token", RedirectController, :registration_page)
    get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta)
    match(:*, "/api/pleroma*path", LegacyPleromaApiRerouterPlug, [])
    get("/api*path", RedirectController, :api_not_implemented)
    get("/*path", RedirectController, :redirector_with_preload)

    options("/*path", RedirectController, :empty)
  end

  # TODO: Change to Phoenix.Router.routes/1 for Phoenix 1.6.0+
  @doc """
  Returns the distinct first path segments of all routes in this router, leaving out
  routes handled by `Pleroma.Web.Fallback.RedirectController`.

  Segments keep the order of their first occurrence. A route whose path has no segment
  contributes `nil`.
  """
  def get_api_routes do
    fallback_controller = Pleroma.Web.Fallback.RedirectController

    for route <- __MODULE__.__routes__(), route.plug != fallback_controller, uniq: true do
      segments = String.split(route.path, "/", trim: true)
      List.first(segments)
    end
  end
end