mastodon/spec/controllers/api/v1/statuses_controller_spec.rb

require 'rails_helper'

RSpec.describe Api::V1::StatusesController, type: :controller do
  render_views

  let(:user)  { Fabricate(:user) }
  let(:app)   { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }
  let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: scopes) }

  context 'with an oauth token' do
    before do
      allow(controller).to receive(:doorkeeper_token) { token }
    end

    describe 'GET #show' do
      let(:scopes) { 'read:statuses' }
      let(:status) { Fabricate(:status, account: user.account) }

      it 'returns http success' do
        get :show, params: { id: status.id }
        expect(response).to have_http_status(200)
      end
    end

    describe 'GET #context' do
      let(:scopes) { 'read:statuses' }
      let(:status) { Fabricate(:status, account: user.account) }

      before do
        Fabricate(:status, account: user.account, thread: status)
      end

      it 'returns http success' do
        get :context, params: { id: status.id }
        expect(response).to have_http_status(200)
      end
    end

    describe 'POST #create' do
      let(:scopes) { 'write:statuses' }

      context do
        before do
          post :create, params: { status: 'Hello world' }
        end

        it 'returns http success' do
          expect(response).to have_http_status(200)
        end

        it 'returns rate limit headers' do
          expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
          expect(response.headers['X-RateLimit-Remaining']).to eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s
        end
      end

      context 'with missing parameters' do
        before do
          post :create, params: {}
        end

        it 'returns http unprocessable entity' do
          expect(response).to have_http_status(422)
        end

        it 'returns rate limit headers' do
          expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
        end
      end

      context 'when exceeding rate limit' do
        before do
          rate_limiter = RateLimiter.new(user.account, family: :statuses)
          300.times { rate_limiter.record! }
          post :create, params: { status: 'Hello world' }
        end

        it 'returns http too many requests' do
          expect(response).to have_http_status(429)
        end

        it 'returns rate limit headers' do
          expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s
          expect(response.headers['X-RateLimit-Remaining']).to eq '0'
        end
      end
    end

    describe 'DELETE #destroy' do
      let(:scopes) { 'write:statuses' }
      let(:status) { Fabricate(:status, account: user.account) }

      before do
        post :destroy, params: { id: status.id }
      end

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'removes the status' do
        expect(Status.find_by(id: status.id)).to be nil
      end
    end

    describe 'PUT #update' do
      let(:scopes) { 'write:statuses' }
      let(:status) { Fabricate(:status, account: user.account) }

      before do
        put :update, params: { id: status.id, status: 'I am updated' }
      end

      it 'returns http success' do
        expect(response).to have_http_status(200)
      end

      it 'updates the status' do
        expect(status.reload.text).to eq 'I am updated'
      end
    end
  end

  context 'without an oauth token' do
    before do
      allow(controller).to receive(:doorkeeper_token) { nil }
    end

    context 'with a private status' do
      let(:status) { Fabricate(:status, account: user.account, visibility: :private) }

      describe 'GET #show' do
        it 'returns http unauthorized' do
          get :show, params: { id: status.id }
          expect(response).to have_http_status(404)
        end
      end

      describe 'GET #context' do
        before do
          Fabricate(:status, account: user.account, thread: status)
        end

        it 'returns http unauthorized' do
          get :context, params: { id: status.id }
          expect(response).to have_http_status(404)
        end
      end
    end

    context 'with a public status' do
      let(:status) { Fabricate(:status, account: user.account, visibility: :public) }

      describe 'GET #show' do
        it 'returns http success' do
          get :show, params: { id: status.id }
          expect(response).to have_http_status(200)
        end
      end

      describe 'GET #context' do
        before do
          Fabricate(:status, account: user.account, thread: status)
        end

        it 'returns http success' do
          get :context, params: { id: status.id }
          expect(response).to have_http_status(200)
        end
      end
    end
  end
end
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00			`require 'rails_helper'`

Fix #52 - Add API versioning (v1) 2016-09-27 16:58:23 +02:00			`RSpec.describe Api::V1::StatusesController, type: :controller do`
Enhancing test suite but I think the problem might have been caching setting 2016-09-05 01:26:08 +02:00			`render_views`

Refactor and improve tests (#17386) * Change account and user fabricators to simplify and improve tests - `Fabricate(:account)` implicitly fabricates an associated `user` if no `domain` attribute is given (an account with `domain: nil` is considered a local account, but no user record was created), unless `user: nil` is passed - `Fabricate(:account, user: Fabricate(:user))` should still be possible but is discouraged. * Fix and refactor tests - avoid passing unneeded attributes to `Fabricate(:user)` or `Fabricate(:account)` - avoid embedding `Fabricate(:user)` into a `Fabricate(:account)` or the other way around - prefer `Fabricate(:user, account_attributes: …)` to `Fabricate(:user, account: Fabricate(:account, …)` - also, some tests were using remote accounts with local user records, which is not representative of production code. 2022-01-28 00:46:42 +01:00			`let(:user) { Fabricate(:user) }`
Fix tests, add applications to eager loading/cache for statuses, fix application website validation, don't link to app website if website isn't set, also comment out animated boost icon from #464 until it's consistent with non-animated version 2017-01-15 14:01:33 +01:00			`let(:app) { Fabricate(:application, name: 'Test app', website: 'http://testapp.com') }`
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 18:31:35 +02:00			`let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, application: app, scopes: scopes) }`
Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`context 'with an oauth token' do`
			`before do`
			`allow(controller).to receive(:doorkeeper_token) { token }`
			`end`
Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`describe 'GET #show' do`
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 18:31:35 +02:00			`let(:scopes) { 'read:statuses' }`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`let(:status) { Fabricate(:status, account: user.account) }`
Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`it 'returns http success' do`
			`get :show, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(200)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Writing out more tests, fixed some bugs 2016-03-20 13:03:06 +01:00			`end`
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`describe 'GET #context' do`
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 18:31:35 +02:00			`let(:scopes) { 'read:statuses' }`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`let(:status) { Fabricate(:status, account: user.account) }`
Test case for new api endpoint 2016-09-16 00:27:09 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`before do`
			`Fabricate(:status, account: user.account, thread: status)`
			`end`
Test case for new api endpoint 2016-09-16 00:27:09 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`it 'returns http success' do`
			`get :context, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(200)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Test case for new api endpoint 2016-09-16 00:27:09 +02:00			`end`

Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`describe 'POST #create' do`
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 18:31:35 +02:00			`let(:scopes) { 'write:statuses' }`

Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00			`context do`
			`before do`
			`post :create, params: { status: 'Hello world' }`
			`end`

			`it 'returns http success' do`
			`expect(response).to have_http_status(200)`
			`end`

			`it 'returns rate limit headers' do`
			`expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s`
			`expect(response.headers['X-RateLimit-Remaining']).to eq (RateLimiter::FAMILIES[:statuses][:limit] - 1).to_s`
			`end`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Enhancing test suite but I think the problem might have been caching setting 2016-09-05 01:26:08 +02:00
Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00			`context 'with missing parameters' do`
			`before do`
			`post :create, params: {}`
			`end`

			`it 'returns http unprocessable entity' do`
			`expect(response).to have_http_status(422)`
			`end`

			`it 'returns rate limit headers' do`
			`expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s`
			`end`
			`end`

			`context 'when exceeding rate limit' do`
			`before do`
			`rate_limiter = RateLimiter.new(user.account, family: :statuses)`
			`300.times { rate_limiter.record! }`
			`post :create, params: { status: 'Hello world' }`
			`end`

			`it 'returns http too many requests' do`
			`expect(response).to have_http_status(429)`
			`end`

			`it 'returns rate limit headers' do`
			`expect(response.headers['X-RateLimit-Limit']).to eq RateLimiter::FAMILIES[:statuses][:limit].to_s`
			`expect(response.headers['X-RateLimit-Remaining']).to eq '0'`
			`end`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Enhancing test suite but I think the problem might have been caching setting 2016-09-05 01:26:08 +02:00			`end`
Adding more test stubs 2016-03-19 12:13:47 +01:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`describe 'DELETE #destroy' do`
Add more granular OAuth scopes (#7929) * Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope 2018-07-05 18:31:35 +02:00			`let(:scopes) { 'write:statuses' }`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`let(:status) { Fabricate(:status, account: user.account) }`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`before do`
			`post :destroy, params: { id: status.id }`
			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`it 'returns http success' do`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(200)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`it 'removes the status' do`
			`expect(Status.find_by(id: status.id)).to be nil`
			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00			`end`
Add editing for published statuses (#17320) * Add editing for published statuses * Fix change of multiple-choice boolean in poll not resetting votes * Remove the ability to update existing media attachments for now 2022-02-10 00:15:30 +01:00
			`describe 'PUT #update' do`
			`let(:scopes) { 'write:statuses' }`
			`let(:status) { Fabricate(:status, account: user.account) }`

			`before do`
			`put :update, params: { id: status.id, status: 'I am updated' }`
			`end`

			`it 'returns http success' do`
			`expect(response).to have_http_status(200)`
			`end`

			`it 'updates the status' do`
			`expect(status.reload.text).to eq 'I am updated'`
			`end`
			`end`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`context 'without an oauth token' do`
			`before do`
			`allow(controller).to receive(:doorkeeper_token) { nil }`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00			`end`

Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`context 'with a private status' do`
			`let(:status) { Fabricate(:status, account: user.account, visibility: :private) }`

			`describe 'GET #show' do`
Spelling (#17705) * spelling: account Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: affiliated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: appearance Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: autosuggest Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: cacheable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: component Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: conversations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: domain.example Clarify what's distinct and use RFC friendly domain space. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: environment Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: exceeds Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: functional Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inefficiency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: not Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: notifications Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: occurring Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: position Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: progress Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: promotable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: reblogging Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repetitive Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resolve Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: saturated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: similar Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strategies Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: targeting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: thumbnails Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unauthorized Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unsensitizes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: validations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: various Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com> 2022-03-06 22:51:40 +01:00			`it 'returns http unauthorized' do`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`get :show, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(404)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
			`end`

			`describe 'GET #context' do`
			`before do`
			`Fabricate(:status, account: user.account, thread: status)`
			`end`

Spelling (#17705) * spelling: account Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: affiliated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: appearance Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: autosuggest Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: cacheable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: component Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: conversations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: domain.example Clarify what's distinct and use RFC friendly domain space. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: environment Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: exceeds Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: functional Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inefficiency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: not Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: notifications Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: occurring Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: position Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: progress Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: promotable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: reblogging Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repetitive Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resolve Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: saturated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: similar Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strategies Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: targeting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: thumbnails Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unauthorized Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unsensitizes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: validations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: various Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com> 2022-03-06 22:51:40 +01:00			`it 'returns http unauthorized' do`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`get :context, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(404)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00			`end`

Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`context 'with a public status' do`
			`let(:status) { Fabricate(:status, account: user.account, visibility: :public) }`

			`describe 'GET #show' do`
			`it 'returns http success' do`
			`get :show, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(200)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
			`end`

			`describe 'GET #context' do`
			`before do`
			`Fabricate(:status, account: user.account, thread: status)`
			`end`

			`it 'returns http success' do`
			`get :context, params: { id: status.id }`
Use raw status code on have_http_status (#7214) 2018-04-21 21:35:07 +02:00			`expect(response).to have_http_status(200)`
Remove API authentication for public statuses (after review) (#1919) 2017-04-18 21:58:57 +02:00			`end`
			`end`
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API 2016-09-26 23:55:21 +02:00			`end`
			`end`
Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth. 2016-03-07 12:42:33 +01:00			`end`