mastodon/app/controllers/statuses_controller.rb

# frozen_string_literal: true

class StatusesController < ApplicationController
  include SignatureAuthentication
  include Authorization

  ANCESTORS_LIMIT = 20

  layout 'public'

  before_action :set_account
  before_action :set_status
  before_action :set_link_headers
  before_action :check_account_suspension
  before_action :redirect_to_original, only: [:show]
  before_action :set_referrer_policy_header, only: [:show]
  before_action :set_cache_headers

  def show
    respond_to do |format|
      format.html do
        @ancestors     = @status.reply? ? cache_collection(@status.ancestors(ANCESTORS_LIMIT, current_account), Status) : []
        @next_ancestor = @ancestors.size < ANCESTORS_LIMIT ? nil : @ancestors.shift
        @descendants   = cache_collection(@status.descendants(current_account), Status)

        render 'stream_entries/show'
      end

      format.json do
        skip_session! unless @stream_entry.hidden?

        render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
          ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)
        end
      end
    end
  end

  def activity
    skip_session!

    render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do
      ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)
    end
  end

  def embed
    response.headers['X-Frame-Options'] = 'ALLOWALL'
    render 'stream_entries/embed', layout: 'embedded'
  end

  private

  def set_account
    @account = Account.find_local!(params[:account_username])
  end

  def set_link_headers
    response.headers['Link'] = LinkHeader.new(
      [
        [account_stream_entry_url(@account, @status.stream_entry, format: 'atom'), [%w(rel alternate), %w(type application/atom+xml)]],
        [ActivityPub::TagManager.instance.uri_for(@status), [%w(rel alternate), %w(type application/activity+json)]],
      ]
    )
  end

  def set_status
    @status       = @account.statuses.find(params[:id])
    @stream_entry = @status.stream_entry
    @type         = @stream_entry.activity_type.downcase

    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    # Reraise in order to get a 404
    raise ActiveRecord::RecordNotFound
  end

  def check_account_suspension
    gone if @account.suspended?
  end

  def redirect_to_original
    redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog?
  end

  def set_referrer_policy_header
    return if @status.public_visibility? || @status.unlisted_visibility?
    response.headers['Referrer-Policy'] = 'origin'
  end
end
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`# frozen_string_literal: true`

			`class StatusesController < ApplicationController`
Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225) 2018-02-02 10:19:59 +01:00			`include SignatureAuthentication`
Extract authorization policy for viewing statuses (#3150) 2017-05-29 18:22:22 +02:00			`include Authorization`

Paginate ancestor statuses in public page (#7102) This also limits the statuses returned by API, but pagination is not implemented in Web API yet. I still expect it brings user experience better than making a user wait to fetch all ancestor statuses and flooding the column with them. 2018-04-11 12:35:09 +02:00			`ANCESTORS_LIMIT = 20`

Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`layout 'public'`

			`before_action :set_account`
			`before_action :set_status`
			`before_action :set_link_headers`
			`before_action :check_account_suspension`
Fetch reblogs as Announce activity instead of Note object (#4672) * Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show 2017-08-24 16:21:42 +02:00			`before_action :redirect_to_original, only: [:show]`
Set Referrer-Policy to origin in web UI and public pages of private toots (#7162) Fix #7115 2018-04-17 13:51:01 +02:00			`before_action :set_referrer_policy_header, only: [:show]`
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00			`before_action :set_cache_headers`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00
			`def show`
Improve ActivityPub representations (#3844) * Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections 2017-07-15 03:01:39 +02:00			`respond_to do \|format\|`
			`format.html do`
Paginate ancestor statuses in public page (#7102) This also limits the statuses returned by API, but pagination is not implemented in Web API yet. I still expect it brings user experience better than making a user wait to fetch all ancestor statuses and flooding the column with them. 2018-04-11 12:35:09 +02:00			`@ancestors = @status.reply? ? cache_collection(@status.ancestors(ANCESTORS_LIMIT, current_account), Status) : []`
			`@next_ancestor = @ancestors.size < ANCESTORS_LIMIT ? nil : @ancestors.shift`
			`@descendants = cache_collection(@status.descendants(current_account), Status)`
Improve ActivityPub representations (#3844) * Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections 2017-07-15 03:01:39 +02:00
			`render 'stream_entries/show'`
			`end`

			`format.json do`
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00			`skip_session! unless @stream_entry.hidden?`

Make sure private toots remain private and do not end up in HTTP caches (#6175) 2018-01-04 14:39:38 +01:00			`render_cached_json(['activitypub', 'note', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do`
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00			`ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter)`
Allow HTTP caching of json view of public statuses (#6115) * Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots 2018-01-03 04:57:57 +01:00			`end`
Improve ActivityPub representations (#3844) * Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections 2017-07-15 03:01:39 +02:00			`end`
			`end`
			`end`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00
Improve ActivityPub representations (#3844) * Improve webfinger templates and make tests more flexible * Clean up AS2 representation of actor * Refactor outbox * Create activities representation * Add representations of followers/following collections, do not redirect /users/:username route if format is empty * Remove unused translations * ActivityPub endpoint for single statuses, add ActivityPub::TagManager for better URL/URI generation * Add ActivityPub::TagManager#to * Represent all attachments as Document instead of Image/Video specifically (Because for remote ones we may not know for sure) Add mentions and hashtags representation to AP notes * Add AP-resolvable hashtag URIs * Use ActiveModelSerializers for ActivityPub * Clean up unused translations * Separate route for object and activity * Adjust cc/to matrices * Add to/cc to activities, ensure announce activity embeds target status and not the wrapper status, add "id" to all collections 2017-07-15 03:01:39 +02:00			`def activity`
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00			`skip_session!`

Make sure private toots remain private and do not end up in HTTP caches (#6175) 2018-01-04 14:39:38 +01:00			`render_cached_json(['activitypub', 'activity', @status.cache_key], content_type: 'application/activity+json', public: !@stream_entry.hidden?) do`
Cache JSON of immutable ActivityPub representations (#6171) 2018-01-04 01:21:38 +01:00			`ActiveModelSerializers::SerializableResource.new(@status, serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter)`
			`end`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`end`

Update status embeds (#4742) - Use statuses controller for embeds instead of stream entries controller - Prefer /@:username/:id/embed URL for embeds - Use /@:username as author_url in OEmbed - Add follow link to embeds which opens web intent in new window - Use redis cache in development - Cache entire embed 2017-08-30 10:23:43 +02:00			`def embed`
			`response.headers['X-Frame-Options'] = 'ALLOWALL'`
			`render 'stream_entries/embed', layout: 'embedded'`
			`end`

Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`private`

			`def set_account`
			`@account = Account.find_local!(params[:account_username])`
			`end`

			`def set_link_headers`
Add alternate links to ActivityPub resources from HTML/HEAD variants (#4586) 2017-08-13 00:45:04 +02:00			`response.headers['Link'] = LinkHeader.new(`
			`[`
			`[account_stream_entry_url(@account, @status.stream_entry, format: 'atom'), [%w(rel alternate), %w(type application/atom+xml)]],`
			`[ActivityPub::TagManager.instance.uri_for(@status), [%w(rel alternate), %w(type application/activity+json)]],`
			`]`
			`)`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`end`

			`def set_status`
			`@status = @account.statuses.find(params[:id])`
			`@stream_entry = @status.stream_entry`
			`@type = @stream_entry.activity_type.downcase`

Extract authorization policy for viewing statuses (#3150) 2017-05-29 18:22:22 +02:00			`authorize @status, :show?`
			`rescue Mastodon::NotPermittedError`
			`# Reraise in order to get a 404`
			`raise ActiveRecord::RecordNotFound`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`end`

			`def check_account_suspension`
			`gone if @account.suspended?`
			`end`
Fetch reblogs as Announce activity instead of Note object (#4672) * Process Create / Announce activity in FetchRemoteStatusService * Use activity URL in ActivityPub for reblogs * Redirect to the original status on StatusesController#show 2017-08-24 16:21:42 +02:00
			`def redirect_to_original`
			`redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog?`
			`end`
Set Referrer-Policy to origin in web UI and public pages of private toots (#7162) Fix #7115 2018-04-17 13:51:01 +02:00
			`def set_referrer_policy_header`
			`return if @status.public_visibility? \|\| @status.unlisted_visibility?`
			`response.headers['Referrer-Policy'] = 'origin'`
			`end`
Prettier account and stream entry URLs 2017-03-22 19:26:22 +01:00			`end`