mastodon/app/controllers/api_controller.rb

class ApiController < ApplicationController
  protect_from_forgery with: :null_session
  skip_before_action :verify_authenticity_token

  rescue_from ActiveRecord::RecordInvalid do
    render json: { error: 'Record invalid' }, status: 422
  end

  rescue_from ActiveRecord::RecordNotFound do
    render json: { error: 'Record not found' }, status: 404
  end

  rescue_from Goldfinger::Error do
    render json: { error: 'Remote account could not be resolved' }, status: 422
  end

  rescue_from HTTP::Error do
    render json: { error: 'Remote data could not be fetched' }, status: 503
  end

  protected

  def current_resource_owner
    User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
  end

  def current_user
    super || current_resource_owner
  end
end
Fixing some bugs, adding pending test examples 2016-03-05 12:50:59 +01:00			`class ApiController < ApplicationController`
			`protect_from_forgery with: :null_session`
Upgrade to Rails 5.0.0.1 2016-08-17 17:56:23 +02:00			`skip_before_action :verify_authenticity_token`
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00
The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests Adding better errors for the API controllers, posting a simple status works from the frontend now 2016-08-26 19:12:19 +02:00			`rescue_from ActiveRecord::RecordInvalid do`
			`render json: { error: 'Record invalid' }, status: 422`
			`end`

			`rescue_from ActiveRecord::RecordNotFound do`
			`render json: { error: 'Record not found' }, status: 404`
			`end`

Improved error handling for FollowRemoteService 2016-09-17 17:03:36 +02:00			`rescue_from Goldfinger::Error do`
			`render json: { error: 'Remote account could not be resolved' }, status: 422`
			`end`

			`rescue_from HTTP::Error do`
			`render json: { error: 'Remote data could not be fetched' }, status: 503`
			`end`

Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00			`protected`

			`def current_resource_owner`
Improving feed queries, switching API to doorkeeper authentication 2016-03-11 16:47:36 +01:00			`User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token`
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00			`end`

			`def current_user`
			`super \|\| current_resource_owner`
			`end`
Fixing some bugs, adding pending test examples 2016-03-05 12:50:59 +01:00			`end`