squeegily
/
pleroma
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 42 Vikivietne Aktivitāte
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
13444 Revīzijas
154 Atzari
503MB
Koks: 8871ca5aa3
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '8871ca5aa3'
${ noResults }
pleroma/lib/pleroma/web/router.ex

842 rindas
29KB
Neapstrādāts Vainot Vēsture 

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Web.Router do

  6.   use Pleroma.Web, :router

  7. 

  8.   pipeline :accepts_html do

  9.     plug(:accepts, ["html"])

  10.   end

  11. 

  12.   pipeline :accepts_html_xml do

  13.     plug(:accepts, ["html", "xml", "rss", "atom"])

  14.   end

  15. 

  16.   pipeline :accepts_html_json do

  17.     plug(:accepts, ["html", "activity+json", "json"])

  18.   end

  19. 

  20.   pipeline :accepts_html_xml_json do

  21.     plug(:accepts, ["html", "xml", "rss", "atom", "activity+json", "json"])

  22.   end

  23. 

  24.   pipeline :accepts_xml_rss_atom do

  25.     plug(:accepts, ["xml", "rss", "atom"])

  26.   end

  27. 

  28.   pipeline :browser do

  29.     plug(:accepts, ["html"])

  30.     plug(:fetch_session)

  31.   end

  32. 

  33.   pipeline :oauth do

  34.     plug(:fetch_session)

  35.     plug(Pleroma.Web.Plugs.OAuthPlug)

  36.     plug(Pleroma.Web.Plugs.UserEnabledPlug)

  37.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)

  38.   end

  39. 

  40.   # Note: expects _user_ authentication (user-unbound app-bound tokens don't qualify)

  41.   pipeline :expect_user_authentication do

  42.     plug(Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug)

  43.   end

  44. 

  45.   # Note: expects public instance or _user_ authentication (user-unbound tokens don't qualify)

  46.   pipeline :expect_public_instance_or_user_authentication do

  47.     plug(Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug)

  48.   end

  49. 

  50.   pipeline :authenticate do

  51.     plug(Pleroma.Web.Plugs.OAuthPlug)

  52.     plug(Pleroma.Web.Plugs.BasicAuthDecoderPlug)

  53.     plug(Pleroma.Web.Plugs.UserFetcherPlug)

  54.     plug(Pleroma.Web.Plugs.AuthenticationPlug)

  55.   end

  56. 

  57.   pipeline :after_auth do

  58.     plug(Pleroma.Web.Plugs.UserEnabledPlug)

  59.     plug(Pleroma.Web.Plugs.SetUserSessionIdPlug)

  60.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)

  61.     plug(Pleroma.Web.Plugs.UserTrackingPlug)

  62.   end

  63. 

  64.   pipeline :base_api do

  65.     plug(:accepts, ["json"])

  66.     plug(:fetch_session)

  67.     plug(:authenticate)

  68.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)

  69.   end

  70. 

  71.   pipeline :no_auth_or_privacy_expectations_api do

  72.     plug(:base_api)

  73.     plug(:after_auth)

  74.     plug(Pleroma.Web.Plugs.IdempotencyPlug)

  75.   end

  76. 

  77.   # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported)

  78.   pipeline :app_api do

  79.     plug(:no_auth_or_privacy_expectations_api)

  80.   end

  81. 

  82.   pipeline :api do

  83.     plug(:expect_public_instance_or_user_authentication)

  84.     plug(:no_auth_or_privacy_expectations_api)

  85.   end

  86. 

  87.   pipeline :authenticated_api do

  88.     plug(:expect_user_authentication)

  89.     plug(:no_auth_or_privacy_expectations_api)

  90.     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)

  91.   end

  92. 

  93.   pipeline :admin_api do

  94.     plug(:expect_user_authentication)

  95.     plug(:base_api)

  96.     plug(Pleroma.Web.Plugs.AdminSecretAuthenticationPlug)

  97.     plug(:after_auth)

  98.     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)

  99.     plug(Pleroma.Web.Plugs.UserIsAdminPlug)

  100.     plug(Pleroma.Web.Plugs.IdempotencyPlug)

  101.   end

  102. 

  103.   pipeline :mastodon_html do

  104.     plug(:browser)

  105.     plug(:authenticate)

  106.     plug(:after_auth)

  107.   end

  108. 

  109.   pipeline :pleroma_html do

  110.     plug(:browser)

  111.     plug(:authenticate)

  112.     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)

  113.   end

  114. 

  115.   pipeline :well_known do

  116.     plug(:accepts, ["json", "jrd+json", "xml", "xrd+xml"])

  117.   end

  118. 

  119.   pipeline :config do

  120.     plug(:accepts, ["json", "xml"])

  121.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)

  122.   end

  123. 

  124.   pipeline :pleroma_api do

  125.     plug(:accepts, ["html", "json"])

  126.     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)

  127.   end

  128. 

  129.   pipeline :mailbox_preview do

  130.     plug(:accepts, ["html"])

  131. 

  132.     plug(:put_secure_browser_headers, %{

  133.       "content-security-policy" =>

  134.         "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'"

  135.     })

  136.   end

  137. 

  138.   pipeline :http_signature do

  139.     plug(Pleroma.Web.Plugs.HTTPSignaturePlug)

  140.     plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)

  141.   end

  142. 

  143.   pipeline :static_fe do

  144.     plug(Pleroma.Web.Plugs.StaticFEPlug)

  145.   end

  146. 

  147.   scope "/api/v1/pleroma", Pleroma.Web.TwitterAPI do

  148.     pipe_through(:pleroma_api)

  149. 

  150.     get("/password_reset/:token", PasswordController, :reset, as: :reset_password)

  151.     post("/password_reset", PasswordController, :do_reset, as: :reset_password)

  152.     get("/emoji", UtilController, :emoji)

  153.     get("/captcha", UtilController, :captcha)

  154.     get("/healthcheck", UtilController, :healthcheck)

  155.   end

  156. 

  157.   scope "/api/v1/pleroma", Pleroma.Web do

  158.     pipe_through(:pleroma_api)

  159.     post("/uploader_callback/:upload_path", UploaderController, :callback)

  160.   end

  161. 

  162.   scope "/api/v1/pleroma/admin", Pleroma.Web.AdminAPI do

  163.     pipe_through(:admin_api)

  164. 

  165.     put("/users/disable_mfa", AdminAPIController, :disable_mfa)

  166.     put("/users/tag", AdminAPIController, :tag_users)

  167.     delete("/users/tag", AdminAPIController, :untag_users)

  168. 

  169.     get("/users/:nickname/permission_group", AdminAPIController, :right_get)

  170.     get("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_get)

  171. 

  172.     post("/users/:nickname/permission_group/:permission_group", AdminAPIController, :right_add)

  173. 

  174.     delete(

  175.       "/users/:nickname/permission_group/:permission_group",

  176.       AdminAPIController,

  177.       :right_delete

  178.     )

  179. 

  180.     post("/users/permission_group/:permission_group", AdminAPIController, :right_add_multiple)

  181. 

  182.     delete(

  183.       "/users/permission_group/:permission_group",

  184.       AdminAPIController,

  185.       :right_delete_multiple

  186.     )

  187. 

  188.     post("/users/follow", UserController, :follow)

  189.     post("/users/unfollow", UserController, :unfollow)

  190.     delete("/users", UserController, :delete)

  191.     post("/users", UserController, :create)

  192.     patch("/users/:nickname/toggle_activation", UserController, :toggle_activation)

  193.     patch("/users/activate", UserController, :activate)

  194.     patch("/users/deactivate", UserController, :deactivate)

  195.     patch("/users/approve", UserController, :approve)

  196. 

  197.     get("/relay", RelayController, :index)

  198.     post("/relay", RelayController, :follow)

  199.     delete("/relay", RelayController, :unfollow)

  200. 

  201.     post("/users/invite_token", InviteController, :create)

  202.     get("/users/invites", InviteController, :index)

  203.     post("/users/revoke_invite", InviteController, :revoke)

  204.     post("/users/email_invite", InviteController, :email)

  205. 

  206.     get("/users/:nickname/password_reset", AdminAPIController, :get_password_reset)

  207.     patch("/users/force_password_reset", AdminAPIController, :force_password_reset)

  208.     get("/users/:nickname/credentials", AdminAPIController, :show_user_credentials)

  209.     patch("/users/:nickname/credentials", AdminAPIController, :update_user_credentials)

  210. 

  211.     get("/users", UserController, :index)

  212.     get("/users/:nickname", UserController, :show)

  213.     get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses)

  214.     get("/users/:nickname/chats", AdminAPIController, :list_user_chats)

  215. 

  216.     get("/instances/:instance/statuses", AdminAPIController, :list_instance_statuses)

  217. 

  218.     get("/instance_document/:name", InstanceDocumentController, :show)

  219.     patch("/instance_document/:name", InstanceDocumentController, :update)

  220.     delete("/instance_document/:name", InstanceDocumentController, :delete)

  221. 

  222.     patch("/users/confirm_email", AdminAPIController, :confirm_email)

  223.     patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email)

  224. 

  225.     get("/reports", ReportController, :index)

  226.     get("/reports/:id", ReportController, :show)

  227.     patch("/reports", ReportController, :update)

  228.     post("/reports/:id/notes", ReportController, :notes_create)

  229.     delete("/reports/:report_id/notes/:id", ReportController, :notes_delete)

  230. 

  231.     get("/statuses/:id", StatusController, :show)

  232.     put("/statuses/:id", StatusController, :update)

  233.     delete("/statuses/:id", StatusController, :delete)

  234.     get("/statuses", StatusController, :index)

  235. 

  236.     get("/config", ConfigController, :show)

  237.     post("/config", ConfigController, :update)

  238.     get("/config/descriptions", ConfigController, :descriptions)

  239.     get("/need_reboot", AdminAPIController, :need_reboot)

  240.     get("/restart", AdminAPIController, :restart)

  241. 

  242.     get("/moderation_log", AdminAPIController, :list_log)

  243. 

  244.     post("/reload_emoji", AdminAPIController, :reload_emoji)

  245.     get("/stats", AdminAPIController, :stats)

  246. 

  247.     get("/oauth_app", OAuthAppController, :index)

  248.     post("/oauth_app", OAuthAppController, :create)

  249.     patch("/oauth_app/:id", OAuthAppController, :update)

  250.     delete("/oauth_app/:id", OAuthAppController, :delete)

  251. 

  252.     get("/media_proxy_caches", MediaProxyCacheController, :index)

  253.     post("/media_proxy_caches/delete", MediaProxyCacheController, :delete)

  254.     post("/media_proxy_caches/purge", MediaProxyCacheController, :purge)

  255. 

  256.     get("/chats/:id", ChatController, :show)

  257.     get("/chats/:id/messages", ChatController, :messages)

  258.     delete("/chats/:id/messages/:message_id", ChatController, :delete_message)

  259. 

  260.     get("/frontends", FrontendController, :index)

  261.     post("/frontends/install", FrontendController, :install)

  262. 

  263.     post("/backups", AdminAPIController, :create_backup)

  264.   end

  265. 

  266.   scope "/api/v1/pleroma/emoji", Pleroma.Web.PleromaAPI do

  267.     scope "/pack" do

  268.       pipe_through(:admin_api)

  269. 

  270.       post("/", EmojiPackController, :create)

  271.       patch("/", EmojiPackController, :update)

  272.       delete("/", EmojiPackController, :delete)

  273.     end

  274. 

  275.     scope "/pack" do

  276.       pipe_through(:api)

  277. 

  278.       get("/", EmojiPackController, :show)

  279.     end

  280. 

  281.     # Modifying packs

  282.     scope "/packs" do

  283.       pipe_through(:admin_api)

  284. 

  285.       get("/import", EmojiPackController, :import_from_filesystem)

  286.       get("/remote", EmojiPackController, :remote)

  287.       post("/download", EmojiPackController, :download)

  288. 

  289.       post("/files", EmojiFileController, :create)

  290.       patch("/files", EmojiFileController, :update)

  291.       delete("/files", EmojiFileController, :delete)

  292.     end

  293. 

  294.     # Pack info / downloading

  295.     scope "/packs" do

  296.       pipe_through(:api)

  297. 

  298.       get("/", EmojiPackController, :index)

  299.       get("/archive", EmojiPackController, :archive)

  300.     end

  301.   end

  302. 

  303.   scope "/", Pleroma.Web.TwitterAPI do

  304.     pipe_through(:pleroma_html)

  305. 

  306.     post("/main/ostatus", UtilController, :remote_subscribe)

  307.     get("/ostatus_subscribe", RemoteFollowController, :follow)

  308.     post("/ostatus_subscribe", RemoteFollowController, :do_follow)

  309.   end

  310. 

  311.   scope "/api/pleroma", Pleroma.Web.TwitterAPI do

  312.     pipe_through(:authenticated_api)

  313. 

  314.     post("/change_email", UtilController, :change_email)

  315.     post("/change_password", UtilController, :change_password)

  316.     post("/delete_account", UtilController, :delete_account)

  317.     put("/notification_settings", UtilController, :update_notificaton_settings)

  318.     post("/disable_account", UtilController, :disable_account)

  319.   end

  320. 

  321.   scope "/api/pleroma", Pleroma.Web.PleromaAPI do

  322.     pipe_through(:authenticated_api)

  323. 

  324.     post("/mutes_import", UserImportController, :mutes)

  325.     post("/blocks_import", UserImportController, :blocks)

  326.     post("/follow_import", UserImportController, :follow)

  327. 

  328.     get("/accounts/mfa", TwoFactorAuthenticationController, :settings)

  329.     get("/accounts/mfa/backup_codes", TwoFactorAuthenticationController, :backup_codes)

  330.     get("/accounts/mfa/setup/:method", TwoFactorAuthenticationController, :setup)

  331.     post("/accounts/mfa/confirm/:method", TwoFactorAuthenticationController, :confirm)

  332.     delete("/accounts/mfa/:method", TwoFactorAuthenticationController, :disable)

  333.   end

  334. 

  335.   scope "/oauth", Pleroma.Web.OAuth do

  336.     # Note: use /api/v1/accounts/verify_credentials for userinfo of signed-in user

  337. 

  338.     get("/registration_details", OAuthController, :registration_details)

  339. 

  340.     post("/mfa/verify", MFAController, :verify, as: :mfa_verify)

  341.     get("/mfa", MFAController, :show)

  342. 

  343.     scope [] do

  344.       pipe_through(:oauth)

  345. 

  346.       get("/authorize", OAuthController, :authorize)

  347.       post("/authorize", OAuthController, :create_authorization)

  348.     end

  349. 

  350.     scope [] do

  351.       pipe_through(:fetch_session)

  352. 

  353.       post("/token", OAuthController, :token_exchange)

  354.       post("/revoke", OAuthController, :token_revoke)

  355.       post("/mfa/challenge", MFAController, :challenge)

  356.     end

  357. 

  358.     scope [] do

  359.       pipe_through(:browser)

  360. 

  361.       get("/prepare_request", OAuthController, :prepare_request)

  362.       get("/:provider", OAuthController, :request)

  363.       get("/:provider/callback", OAuthController, :callback)

  364.       post("/register", OAuthController, :register)

  365.     end

  366.   end

  367. 

  368.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do

  369.     pipe_through(:api)

  370. 

  371.     get("/statuses/:id/reactions/:emoji", EmojiReactionController, :index)

  372.     get("/statuses/:id/reactions", EmojiReactionController, :index)

  373.   end

  374. 

  375.   scope "/api/v0/pleroma", Pleroma.Web.PleromaAPI do

  376.     pipe_through(:authenticated_api)

  377.     get("/reports", ReportController, :index)

  378.     get("/reports/:id", ReportController, :show)

  379.   end

  380. 

  381.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do

  382.     scope [] do

  383.       pipe_through(:authenticated_api)

  384. 

  385.       post("/chats/by-account-id/:id", ChatController, :create)

  386.       get("/chats", ChatController, :index)

  387.       get("/chats/:id", ChatController, :show)

  388.       get("/chats/:id/messages", ChatController, :messages)

  389.       post("/chats/:id/messages", ChatController, :post_chat_message)

  390.       delete("/chats/:id/messages/:message_id", ChatController, :delete_message)

  391.       post("/chats/:id/read", ChatController, :mark_as_read)

  392.       post("/chats/:id/messages/:message_id/read", ChatController, :mark_message_as_read)

  393. 

  394.       get("/conversations/:id/statuses", ConversationController, :statuses)

  395.       get("/conversations/:id", ConversationController, :show)

  396.       post("/conversations/read", ConversationController, :mark_as_read)

  397.       patch("/conversations/:id", ConversationController, :update)

  398. 

  399.       put("/statuses/:id/reactions/:emoji", EmojiReactionController, :create)

  400.       delete("/statuses/:id/reactions/:emoji", EmojiReactionController, :delete)

  401.       post("/notifications/read", NotificationController, :mark_as_read)

  402. 

  403.       get("/mascot", MascotController, :show)

  404.       put("/mascot", MascotController, :update)

  405. 

  406.       post("/scrobble", ScrobbleController, :create)

  407. 

  408.       get("/backups", BackupController, :index)

  409.       post("/backups", BackupController, :create)

  410.     end

  411. 

  412.     scope [] do

  413.       pipe_through(:api)

  414.       get("/accounts/:id/favourites", AccountController, :favourites)

  415.     end

  416. 

  417.     scope [] do

  418.       pipe_through(:authenticated_api)

  419. 

  420.       post("/accounts/:id/subscribe", AccountController, :subscribe)

  421.       post("/accounts/:id/unsubscribe", AccountController, :unsubscribe)

  422.     end

  423. 

  424.     post("/accounts/confirmation_resend", AccountController, :confirmation_resend)

  425.   end

  426. 

  427.   scope "/api/v1/pleroma", Pleroma.Web.PleromaAPI do

  428.     pipe_through(:api)

  429.     get("/accounts/:id/scrobbles", ScrobbleController, :index)

  430.     get("/federation_status", InstancesController, :show)

  431.   end

  432. 

  433.   scope "/api/v2/pleroma", Pleroma.Web.PleromaAPI do

  434.     scope [] do

  435.       pipe_through(:authenticated_api)

  436.       get("/chats", ChatController, :index2)

  437.     end

  438.   end

  439. 

  440.   scope "/api/v1", Pleroma.Web.MastodonAPI do

  441.     pipe_through(:authenticated_api)

  442. 

  443.     get("/accounts/verify_credentials", AccountController, :verify_credentials)

  444.     patch("/accounts/update_credentials", AccountController, :update_credentials)

  445. 

  446.     get("/accounts/relationships", AccountController, :relationships)

  447.     get("/accounts/:id/lists", AccountController, :lists)

  448.     get("/accounts/:id/identity_proofs", AccountController, :identity_proofs)

  449.     get("/endorsements", AccountController, :endorsements)

  450.     get("/blocks", AccountController, :blocks)

  451.     get("/mutes", AccountController, :mutes)

  452. 

  453.     post("/follows", AccountController, :follow_by_uri)

  454.     post("/accounts/:id/follow", AccountController, :follow)

  455.     post("/accounts/:id/unfollow", AccountController, :unfollow)

  456.     post("/accounts/:id/block", AccountController, :block)

  457.     post("/accounts/:id/unblock", AccountController, :unblock)

  458.     post("/accounts/:id/mute", AccountController, :mute)

  459.     post("/accounts/:id/unmute", AccountController, :unmute)

  460. 

  461.     get("/conversations", ConversationController, :index)

  462.     post("/conversations/:id/read", ConversationController, :mark_as_read)

  463.     delete("/conversations/:id", ConversationController, :delete)

  464. 

  465.     get("/domain_blocks", DomainBlockController, :index)

  466.     post("/domain_blocks", DomainBlockController, :create)

  467.     delete("/domain_blocks", DomainBlockController, :delete)

  468. 

  469.     get("/filters", FilterController, :index)

  470. 

  471.     post("/filters", FilterController, :create)

  472.     get("/filters/:id", FilterController, :show)

  473.     put("/filters/:id", FilterController, :update)

  474.     delete("/filters/:id", FilterController, :delete)

  475. 

  476.     get("/follow_requests", FollowRequestController, :index)

  477.     post("/follow_requests/:id/authorize", FollowRequestController, :authorize)

  478.     post("/follow_requests/:id/reject", FollowRequestController, :reject)

  479. 

  480.     get("/lists", ListController, :index)

  481.     get("/lists/:id", ListController, :show)

  482.     get("/lists/:id/accounts", ListController, :list_accounts)

  483. 

  484.     delete("/lists/:id", ListController, :delete)

  485.     post("/lists", ListController, :create)

  486.     put("/lists/:id", ListController, :update)

  487.     post("/lists/:id/accounts", ListController, :add_to_list)

  488.     delete("/lists/:id/accounts", ListController, :remove_from_list)

  489. 

  490.     get("/markers", MarkerController, :index)

  491.     post("/markers", MarkerController, :upsert)

  492. 

  493.     post("/media", MediaController, :create)

  494.     get("/media/:id", MediaController, :show)

  495.     put("/media/:id", MediaController, :update)

  496. 

  497.     get("/notifications", NotificationController, :index)

  498.     get("/notifications/:id", NotificationController, :show)

  499. 

  500.     post("/notifications/:id/dismiss", NotificationController, :dismiss)

  501.     post("/notifications/clear", NotificationController, :clear)

  502.     delete("/notifications/destroy_multiple", NotificationController, :destroy_multiple)

  503.     # Deprecated: was removed in Mastodon v3, use `/notifications/:id/dismiss` instead

  504.     post("/notifications/dismiss", NotificationController, :dismiss_via_body)

  505. 

  506.     post("/polls/:id/votes", PollController, :vote)

  507. 

  508.     post("/reports", ReportController, :create)

  509. 

  510.     get("/scheduled_statuses", ScheduledActivityController, :index)

  511.     get("/scheduled_statuses/:id", ScheduledActivityController, :show)

  512. 

  513.     put("/scheduled_statuses/:id", ScheduledActivityController, :update)

  514.     delete("/scheduled_statuses/:id", ScheduledActivityController, :delete)

  515. 

  516.     # Unlike `GET /api/v1/accounts/:id/favourites`, demands authentication

  517.     get("/favourites", StatusController, :favourites)

  518.     get("/bookmarks", StatusController, :bookmarks)

  519. 

  520.     post("/statuses", StatusController, :create)

  521.     delete("/statuses/:id", StatusController, :delete)

  522.     post("/statuses/:id/reblog", StatusController, :reblog)

  523.     post("/statuses/:id/unreblog", StatusController, :unreblog)

  524.     post("/statuses/:id/favourite", StatusController, :favourite)

  525.     post("/statuses/:id/unfavourite", StatusController, :unfavourite)

  526.     post("/statuses/:id/pin", StatusController, :pin)

  527.     post("/statuses/:id/unpin", StatusController, :unpin)

  528.     post("/statuses/:id/bookmark", StatusController, :bookmark)

  529.     post("/statuses/:id/unbookmark", StatusController, :unbookmark)

  530.     post("/statuses/:id/mute", StatusController, :mute_conversation)

  531.     post("/statuses/:id/unmute", StatusController, :unmute_conversation)

  532. 

  533.     post("/push/subscription", SubscriptionController, :create)

  534.     get("/push/subscription", SubscriptionController, :show)

  535.     put("/push/subscription", SubscriptionController, :update)

  536.     delete("/push/subscription", SubscriptionController, :delete)

  537. 

  538.     get("/suggestions", SuggestionController, :index)

  539. 

  540.     get("/timelines/home", TimelineController, :home)

  541.     get("/timelines/direct", TimelineController, :direct)

  542.     get("/timelines/list/:list_id", TimelineController, :list)

  543.   end

  544. 

  545.   scope "/api/web", Pleroma.Web do

  546.     pipe_through(:authenticated_api)

  547. 

  548.     # Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere

  549.     put("/settings", MastoFEController, :put_settings)

  550.   end

  551. 

  552.   scope "/api/v1", Pleroma.Web.MastodonAPI do

  553.     pipe_through(:app_api)

  554. 

  555.     post("/apps", AppController, :create)

  556.     get("/apps/verify_credentials", AppController, :verify_credentials)

  557.   end

  558. 

  559.   scope "/api/v1", Pleroma.Web.MastodonAPI do

  560.     pipe_through(:api)

  561. 

  562.     get("/accounts/search", SearchController, :account_search)

  563.     get("/search", SearchController, :search)

  564. 

  565.     get("/accounts/:id/statuses", AccountController, :statuses)

  566.     get("/accounts/:id/followers", AccountController, :followers)

  567.     get("/accounts/:id/following", AccountController, :following)

  568.     get("/accounts/:id", AccountController, :show)

  569. 

  570.     post("/accounts", AccountController, :create)

  571. 

  572.     get("/instance", InstanceController, :show)

  573.     get("/instance/peers", InstanceController, :peers)

  574. 

  575.     get("/statuses", StatusController, :index)

  576.     get("/statuses/:id", StatusController, :show)

  577.     get("/statuses/:id/context", StatusController, :context)

  578.     get("/statuses/:id/card", StatusController, :card)

  579.     get("/statuses/:id/favourited_by", StatusController, :favourited_by)

  580.     get("/statuses/:id/reblogged_by", StatusController, :reblogged_by)

  581. 

  582.     get("/custom_emojis", CustomEmojiController, :index)

  583. 

  584.     get("/trends", MastodonAPIController, :empty_array)

  585. 

  586.     get("/timelines/public", TimelineController, :public)

  587.     get("/timelines/tag/:tag", TimelineController, :hashtag)

  588. 

  589.     get("/polls/:id", PollController, :show)

  590.   end

  591. 

  592.   scope "/api/v2", Pleroma.Web.MastodonAPI do

  593.     pipe_through(:api)

  594.     get("/search", SearchController, :search2)

  595. 

  596.     post("/media", MediaController, :create2)

  597.   end

  598. 

  599.   scope "/api", Pleroma.Web do

  600.     pipe_through(:config)

  601. 

  602.     get("/pleroma/frontend_configurations", TwitterAPI.UtilController, :frontend_configurations)

  603.   end

  604. 

  605.   scope "/api", Pleroma.Web do

  606.     pipe_through(:api)

  607. 

  608.     get(

  609.       "/account/confirm_email/:user_id/:token",

  610.       TwitterAPI.Controller,

  611.       :confirm_email,

  612.       as: :confirm_email

  613.     )

  614.   end

  615. 

  616.   scope "/api" do

  617.     pipe_through(:base_api)

  618. 

  619.     get("/openapi", OpenApiSpex.Plug.RenderSpec, [])

  620.   end

  621. 

  622.   scope "/api", Pleroma.Web, as: :authenticated_twitter_api do

  623.     pipe_through(:authenticated_api)

  624. 

  625.     get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens)

  626.     delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token)

  627. 

  628.     post(

  629.       "/qvitter/statuses/notifications/read",

  630.       TwitterAPI.Controller,

  631.       :mark_notifications_as_read

  632.     )

  633.   end

  634. 

  635.   scope "/", Pleroma.Web do

  636.     # Note: html format is supported only if static FE is enabled

  637.     # Note: http signature is only considered for json requests (no auth for non-json requests)

  638.     pipe_through([:accepts_html_json, :http_signature, :static_fe])

  639. 

  640.     get("/objects/:uuid", OStatus.OStatusController, :object)

  641.     get("/activities/:uuid", OStatus.OStatusController, :activity)

  642.     get("/notice/:id", OStatus.OStatusController, :notice)

  643. 

  644.     # Mastodon compatibility routes

  645.     get("/users/:nickname/statuses/:id", OStatus.OStatusController, :object)

  646.     get("/users/:nickname/statuses/:id/activity", OStatus.OStatusController, :activity)

  647.   end

  648. 

  649.   scope "/", Pleroma.Web do

  650.     # Note: html format is supported only if static FE is enabled

  651.     # Note: http signature is only considered for json requests (no auth for non-json requests)

  652.     pipe_through([:accepts_html_xml_json, :http_signature, :static_fe])

  653. 

  654.     # Note: returns user _profile_ for json requests, redirects to user _feed_ for non-json ones

  655.     get("/users/:nickname", Feed.UserController, :feed_redirect, as: :user_feed)

  656.   end

  657. 

  658.   scope "/", Pleroma.Web do

  659.     # Note: html format is supported only if static FE is enabled

  660.     pipe_through([:accepts_html_xml, :static_fe])

  661. 

  662.     get("/users/:nickname/feed", Feed.UserController, :feed, as: :user_feed)

  663.   end

  664. 

  665.   scope "/", Pleroma.Web do

  666.     pipe_through(:accepts_html)

  667.     get("/notice/:id/embed_player", OStatus.OStatusController, :notice_player)

  668.   end

  669. 

  670.   scope "/", Pleroma.Web do

  671.     pipe_through(:accepts_xml_rss_atom)

  672.     get("/tags/:tag", Feed.TagController, :feed, as: :tag_feed)

  673.   end

  674. 

  675.   scope "/", Pleroma.Web do

  676.     pipe_through(:browser)

  677.     get("/mailer/unsubscribe/:token", Mailer.SubscriptionController, :unsubscribe)

  678.   end

  679. 

  680.   pipeline :ap_service_actor do

  681.     plug(:accepts, ["activity+json", "json"])

  682.   end

  683. 

  684.   # Server to Server (S2S) AP interactions

  685.   pipeline :activitypub do

  686.     plug(:ap_service_actor)

  687.     plug(:http_signature)

  688.   end

  689. 

  690.   # Client to Server (C2S) AP interactions

  691.   pipeline :activitypub_client do

  692.     plug(:ap_service_actor)

  693.     plug(:fetch_session)

  694.     plug(:authenticate)

  695.     plug(:after_auth)

  696.   end

  697. 

  698.   scope "/", Pleroma.Web.ActivityPub do

  699.     pipe_through([:activitypub_client])

  700. 

  701.     get("/api/ap/whoami", ActivityPubController, :whoami)

  702.     get("/users/:nickname/inbox", ActivityPubController, :read_inbox)

  703. 

  704.     get("/users/:nickname/outbox", ActivityPubController, :outbox)

  705.     post("/users/:nickname/outbox", ActivityPubController, :update_outbox)

  706.     post("/api/ap/upload_media", ActivityPubController, :upload_media)

  707. 

  708.     # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:

  709.     get("/users/:nickname/followers", ActivityPubController, :followers)

  710.     get("/users/:nickname/following", ActivityPubController, :following)

  711.     get("/users/:nickname/collections/featured", ActivityPubController, :pinned)

  712.   end

  713. 

  714.   scope "/", Pleroma.Web.ActivityPub do

  715.     pipe_through(:activitypub)

  716.     post("/inbox", ActivityPubController, :inbox)

  717.     post("/users/:nickname/inbox", ActivityPubController, :inbox)

  718.   end

  719. 

  720.   scope "/relay", Pleroma.Web.ActivityPub do

  721.     pipe_through(:ap_service_actor)

  722. 

  723.     get("/", ActivityPubController, :relay)

  724. 

  725.     scope [] do

  726.       pipe_through(:http_signature)

  727.       post("/inbox", ActivityPubController, :inbox)

  728.     end

  729. 

  730.     get("/following", ActivityPubController, :relay_following)

  731.     get("/followers", ActivityPubController, :relay_followers)

  732.   end

  733. 

  734.   scope "/internal/fetch", Pleroma.Web.ActivityPub do

  735.     pipe_through(:ap_service_actor)

  736. 

  737.     get("/", ActivityPubController, :internal_fetch)

  738.     post("/inbox", ActivityPubController, :inbox)

  739.   end

  740. 

  741.   scope "/.well-known", Pleroma.Web do

  742.     pipe_through(:well_known)

  743. 

  744.     get("/host-meta", WebFinger.WebFingerController, :host_meta)

  745.     get("/webfinger", WebFinger.WebFingerController, :webfinger)

  746.     get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)

  747.   end

  748. 

  749.   scope "/nodeinfo", Pleroma.Web do

  750.     get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)

  751.   end

  752. 

  753.   scope "/", Pleroma.Web do

  754.     pipe_through(:api)

  755. 

  756.     get("/web/manifest.json", MastoFEController, :manifest)

  757.   end

  758. 

  759.   scope "/", Pleroma.Web do

  760.     pipe_through(:mastodon_html)

  761. 

  762.     get("/web/login", MastodonAPI.AuthController, :login)

  763.     delete("/auth/sign_out", MastodonAPI.AuthController, :logout)

  764. 

  765.     post("/auth/password", MastodonAPI.AuthController, :password_reset)

  766. 

  767.     get("/web/*path", MastoFEController, :index)

  768. 

  769.     get("/embed/:id", EmbedController, :show)

  770.   end

  771. 

  772.   scope "/proxy/", Pleroma.Web do

  773.     get("/preview/:sig/:url", MediaProxy.MediaProxyController, :preview)

  774.     get("/preview/:sig/:url/:filename", MediaProxy.MediaProxyController, :preview)

  775.     get("/:sig/:url", MediaProxy.MediaProxyController, :remote)

  776.     get("/:sig/:url/:filename", MediaProxy.MediaProxyController, :remote)

  777.   end

  778. 

  779.   if Pleroma.Config.get(:env) == :dev do

  780.     scope "/dev" do

  781.       pipe_through([:mailbox_preview])

  782. 

  783.       forward("/mailbox", Plug.Swoosh.MailboxPreview, base_path: "/dev/mailbox")

  784.     end

  785.   end

  786. 

  787.   # Test-only routes needed to test action dispatching and plug chain execution

  788.   if Pleroma.Config.get(:env) == :test do

  789.     @test_actions [

  790.       :do_oauth_check,

  791.       :fallback_oauth_check,

  792.       :skip_oauth_check,

  793.       :fallback_oauth_skip_publicity_check,

  794.       :skip_oauth_skip_publicity_check,

  795.       :missing_oauth_check_definition

  796.     ]

  797. 

  798.     scope "/test/api", Pleroma.Tests do

  799.       pipe_through(:api)

  800. 

  801.       for action <- @test_actions do

  802.         get("/#{action}", AuthTestController, action)

  803.       end

  804.     end

  805. 

  806.     scope "/test/authenticated_api", Pleroma.Tests do

  807.       pipe_through(:authenticated_api)

  808. 

  809.       for action <- @test_actions do

  810.         get("/#{action}", AuthTestController, action)

  811.       end

  812.     end

  813.   end

  814. 

  815.   scope "/", Pleroma.Web.MongooseIM do

  816.     get("/user_exists", MongooseIMController, :user_exists)

  817.     get("/check_password", MongooseIMController, :check_password)

  818.   end

  819. 

  820.   scope "/", Pleroma.Web.Fallback do

  821.     get("/registration/:token", RedirectController, :registration_page)

  822.     get("/:maybe_nickname_or_id", RedirectController, :redirector_with_meta)

  823.     match(:*, "/api/pleroma*path", LegacyPleromaApiRerouterPlug, [])

  824.     get("/api*path", RedirectController, :api_not_implemented)

  825.     get("/*path", RedirectController, :redirector_with_preload)

  826. 

  827.     options("/*path", RedirectController, :empty)

  828.   end

  829. 

  830.   # TODO: Change to Phoenix.Router.routes/1 for Phoenix 1.6.0+

  831.   def get_api_routes do

  832.     __MODULE__.__routes__()

  833.     |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)

  834.     |> Enum.map(fn r ->

  835.       r.path

  836.       |> String.split("/", trim: true)

  837.       |> List.first()

  838.     end)

  839.     |> Enum.uniq()

  840.   end

  841. end