lemmy/src/api_routes_http.rs
Nutomic ad90cd77f9
Implement private communities (#5076)
* add private visibility

* filter private communities in post_view.rs

* also filter in comment_view

* community follower state

* remove unused method

* sql fmt

* add CommunityFollower.approved_by

* implement api endpoints

* api changes

* only admins can create private community for now

* add local api tests

* fix api tests

* follow remote private community

* use authorized fetch for content in private community

* federate community visibility

* dont mark content in private community as public

* expose ApprovalRequired in api

* also check content fetchable for outbox/featured

* address private community content to followers

* implement reject activity

* fix tests

* add files

* remove local api tests

* dont use delay

* is_new_instance

* single query for is_new_instance

* return subscribed type for pending follow

* working

* need to catch errors in waitUntil

* clippy

* fix query

* lint for unused async

* diesel.toml comment

* add comment

* avoid db reads

* rename approved_by to approver_id

* add helper

* form init

* list pending follows should return items for all communities

* clippy

* ci

* fix down migration

* fix api tests

* references

* rename

* run git diff

* ci

* fix schema check

* fix joins

* ci

* ci

* skip_serializing_none

* fix test

---------

Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
2024-11-07 05:49:05 -05:00

441 lines
16 KiB
Rust

use actix_web::{guard, web};
use lemmy_api::{
comment::{
distinguish::distinguish_comment,
like::like_comment,
list_comment_likes::list_comment_likes,
save::save_comment,
},
comment_report::{
create::create_comment_report,
list::list_comment_reports,
resolve::resolve_comment_report,
},
community::{
add_mod::add_mod_to_community,
ban::ban_from_community,
block::block_community,
follow::follow_community,
hide::hide_community,
pending_follows::{
approve::post_pending_follows_approve,
count::get_pending_follows_count,
list::get_pending_follows_list,
},
random::get_random_community,
transfer::transfer_community,
},
local_user::{
add_admin::add_admin,
ban_person::ban_from_site,
block::block_person,
change_password::change_password,
change_password_after_reset::change_password_after_reset,
generate_totp_secret::generate_totp_secret,
get_captcha::get_captcha,
list_banned::list_banned_users,
list_logins::list_logins,
list_media::list_media,
login::login,
logout::logout,
notifications::{
list_mentions::list_mentions,
list_replies::list_replies,
mark_all_read::mark_all_notifications_read,
mark_mention_read::mark_person_mention_as_read,
mark_reply_read::mark_reply_as_read,
unread_count::unread_count,
},
report_count::report_count,
reset_password::reset_password,
save_settings::save_user_settings,
update_totp::update_totp,
validate_auth::validate_auth,
verify_email::verify_email,
},
post::{
feature::feature_post,
get_link_metadata::get_link_metadata,
hide::hide_post,
like::like_post,
list_post_likes::list_post_likes,
lock::lock_post,
mark_read::mark_post_as_read,
save::save_post,
},
post_report::{
create::create_post_report,
list::list_post_reports,
resolve::resolve_post_report,
},
private_message::mark_read::mark_pm_as_read,
private_message_report::{
create::create_pm_report,
list::list_pm_reports,
resolve::resolve_pm_report,
},
site::{
block::block_instance,
federated_instances::get_federated_instances,
leave_admin::leave_admin,
list_all_media::list_all_media,
mod_log::get_mod_log,
purge::{
comment::purge_comment,
community::purge_community,
person::purge_person,
post::purge_post,
},
registration_applications::{
approve::approve_registration_application,
get::get_registration_application,
list::list_registration_applications,
unread_count::get_unread_registration_application_count,
},
},
sitemap::get_sitemap,
};
use lemmy_api_crud::{
comment::{
create::create_comment,
delete::delete_comment,
read::get_comment,
remove::remove_comment,
update::update_comment,
},
community::{
create::create_community,
delete::delete_community,
list::list_communities,
remove::remove_community,
update::update_community,
},
custom_emoji::{
create::create_custom_emoji,
delete::delete_custom_emoji,
list::list_custom_emojis,
update::update_custom_emoji,
},
oauth_provider::{
create::create_oauth_provider,
delete::delete_oauth_provider,
update::update_oauth_provider,
},
post::{
create::create_post,
delete::delete_post,
read::get_post,
remove::remove_post,
update::update_post,
},
private_message::{
create::create_private_message,
delete::delete_private_message,
read::get_private_message,
update::update_private_message,
},
site::{create::create_site, read::get_site, update::update_site},
tagline::{
create::create_tagline,
delete::delete_tagline,
list::list_taglines,
update::update_tagline,
},
user::{
create::{authenticate_with_oauth, register},
delete::delete_account,
},
};
use lemmy_apub::api::{
list_comments::list_comments,
list_posts::list_posts,
read_community::get_community,
read_person::read_person,
resolve_object::resolve_object,
search::search,
user_settings_backup::{export_settings, import_settings},
};
use lemmy_routes::images::image_proxy;
use lemmy_utils::rate_limit::RateLimitCell;
pub fn config(cfg: &mut web::ServiceConfig, rate_limit: &RateLimitCell) {
cfg.service(
web::scope("/api/v3")
.route("/image_proxy", web::get().to(image_proxy))
// Site
.service(
web::scope("/site")
.wrap(rate_limit.message())
.route("", web::get().to(get_site))
// Admin Actions
.route("", web::post().to(create_site))
.route("", web::put().to(update_site))
.route("/block", web::post().to(block_instance)),
)
.service(
web::resource("/modlog")
.wrap(rate_limit.message())
.route(web::get().to(get_mod_log)),
)
.service(
web::resource("/search")
.wrap(rate_limit.search())
.route(web::get().to(search)),
)
.service(
web::resource("/resolve_object")
.wrap(rate_limit.message())
.route(web::get().to(resolve_object)),
)
// Community
.service(
web::resource("/community")
.guard(guard::Post())
.wrap(rate_limit.register())
.route(web::post().to(create_community)),
)
.service(
web::scope("/community")
.wrap(rate_limit.message())
.route("", web::get().to(get_community))
.route("", web::put().to(update_community))
.route("/random", web::get().to(get_random_community))
.route("/hide", web::put().to(hide_community))
.route("/list", web::get().to(list_communities))
.route("/follow", web::post().to(follow_community))
.route("/block", web::post().to(block_community))
.route("/delete", web::post().to(delete_community))
// Mod Actions
.route("/remove", web::post().to(remove_community))
.route("/transfer", web::post().to(transfer_community))
.route("/ban_user", web::post().to(ban_from_community))
.route("/mod", web::post().to(add_mod_to_community))
.service(
web::scope("/pending_follows")
.wrap(rate_limit.message())
.route("/count", web::get().to(get_pending_follows_count))
.route("/list", web::get().to(get_pending_follows_list))
.route("/approve", web::post().to(post_pending_follows_approve)),
),
)
.service(
web::scope("/federated_instances")
.wrap(rate_limit.message())
.route("", web::get().to(get_federated_instances)),
)
// Post
.service(
// Handle POST to /post separately to add the post() rate limitter
web::resource("/post")
.guard(guard::Post())
.wrap(rate_limit.post())
.route(web::post().to(create_post)),
)
.service(
web::scope("/post")
.wrap(rate_limit.message())
.route("", web::get().to(get_post))
.route("", web::put().to(update_post))
.route("/delete", web::post().to(delete_post))
.route("/remove", web::post().to(remove_post))
.route("/mark_as_read", web::post().to(mark_post_as_read))
.route("/hide", web::post().to(hide_post))
.route("/lock", web::post().to(lock_post))
.route("/feature", web::post().to(feature_post))
.route("/list", web::get().to(list_posts))
.route("/like", web::post().to(like_post))
.route("/like/list", web::get().to(list_post_likes))
.route("/save", web::put().to(save_post))
.route("/report", web::post().to(create_post_report))
.route("/report/resolve", web::put().to(resolve_post_report))
.route("/report/list", web::get().to(list_post_reports))
.route("/site_metadata", web::get().to(get_link_metadata)),
)
// Comment
.service(
// Handle POST to /comment separately to add the comment() rate limitter
web::resource("/comment")
.guard(guard::Post())
.wrap(rate_limit.comment())
.route(web::post().to(create_comment)),
)
.service(
web::scope("/comment")
.wrap(rate_limit.message())
.route("", web::get().to(get_comment))
.route("", web::put().to(update_comment))
.route("/delete", web::post().to(delete_comment))
.route("/remove", web::post().to(remove_comment))
.route("/mark_as_read", web::post().to(mark_reply_as_read))
.route("/distinguish", web::post().to(distinguish_comment))
.route("/like", web::post().to(like_comment))
.route("/like/list", web::get().to(list_comment_likes))
.route("/save", web::put().to(save_comment))
.route("/list", web::get().to(list_comments))
.route("/report", web::post().to(create_comment_report))
.route("/report/resolve", web::put().to(resolve_comment_report))
.route("/report/list", web::get().to(list_comment_reports)),
)
// Private Message
.service(
web::scope("/private_message")
.wrap(rate_limit.message())
.route("/list", web::get().to(get_private_message))
.route("", web::post().to(create_private_message))
.route("", web::put().to(update_private_message))
.route("/delete", web::post().to(delete_private_message))
.route("/mark_as_read", web::post().to(mark_pm_as_read))
.route("/report", web::post().to(create_pm_report))
.route("/report/resolve", web::put().to(resolve_pm_report))
.route("/report/list", web::get().to(list_pm_reports)),
)
// User
.service(
// Account action, I don't like that it's in /user maybe /accounts
// Handle /user/register separately to add the register() rate limiter
web::resource("/user/register")
.guard(guard::Post())
.wrap(rate_limit.register())
.route(web::post().to(register)),
)
// User
.service(
// Handle /user/login separately to add the register() rate limiter
// TODO: pretty annoying way to apply rate limits for register and login, we should
// group them under a common path so that rate limit is only applied once (eg under
// /account).
web::resource("/user/login")
.guard(guard::Post())
.wrap(rate_limit.register())
.route(web::post().to(login)),
)
.service(
web::resource("/user/password_reset")
.wrap(rate_limit.register())
.route(web::post().to(reset_password)),
)
.service(
// Handle captcha separately
web::resource("/user/get_captcha")
.wrap(rate_limit.post())
.route(web::get().to(get_captcha)),
)
.service(
web::resource("/user/export_settings")
.wrap(rate_limit.import_user_settings())
.route(web::get().to(export_settings)),
)
.service(
web::resource("/user/import_settings")
.wrap(rate_limit.import_user_settings())
.route(web::post().to(import_settings)),
)
// TODO, all the current account related actions under /user need to get moved here eventually
.service(
web::scope("/account")
.wrap(rate_limit.message())
.route("/list_media", web::get().to(list_media)),
)
// User actions
.service(
web::scope("/user")
.wrap(rate_limit.message())
.route("", web::get().to(read_person))
.route("/mention", web::get().to(list_mentions))
.route(
"/mention/mark_as_read",
web::post().to(mark_person_mention_as_read),
)
.route("/replies", web::get().to(list_replies))
// Admin action. I don't like that it's in /user
.route("/ban", web::post().to(ban_from_site))
.route("/banned", web::get().to(list_banned_users))
.route("/block", web::post().to(block_person))
// TODO Account actions. I don't like that they're in /user maybe /accounts
.route("/logout", web::post().to(logout))
.route("/delete_account", web::post().to(delete_account))
.route(
"/password_change",
web::post().to(change_password_after_reset),
)
// TODO mark_all_as_read feels off being in this section as well
.route(
"/mark_all_as_read",
web::post().to(mark_all_notifications_read),
)
.route("/save_user_settings", web::put().to(save_user_settings))
.route("/change_password", web::put().to(change_password))
.route("/report_count", web::get().to(report_count))
.route("/unread_count", web::get().to(unread_count))
.route("/verify_email", web::post().to(verify_email))
.route("/leave_admin", web::post().to(leave_admin))
.route("/totp/generate", web::post().to(generate_totp_secret))
.route("/totp/update", web::post().to(update_totp))
.route("/list_logins", web::get().to(list_logins))
.route("/validate_auth", web::get().to(validate_auth)),
)
// Admin Actions
.service(
web::scope("/admin")
.wrap(rate_limit.message())
.route("/add", web::post().to(add_admin))
.route(
"/registration_application/count",
web::get().to(get_unread_registration_application_count),
)
.route(
"/registration_application/list",
web::get().to(list_registration_applications),
)
.route(
"/registration_application/approve",
web::put().to(approve_registration_application),
)
.route(
"/registration_application",
web::get().to(get_registration_application),
)
.route("/list_all_media", web::get().to(list_all_media))
.service(
web::scope("/purge")
.route("/person", web::post().to(purge_person))
.route("/community", web::post().to(purge_community))
.route("/post", web::post().to(purge_post))
.route("/comment", web::post().to(purge_comment)),
)
.service(
web::scope("/tagline")
.wrap(rate_limit.message())
.route("", web::post().to(create_tagline))
.route("", web::put().to(update_tagline))
.route("/delete", web::post().to(delete_tagline))
.route("/list", web::get().to(list_taglines)),
),
)
.service(
web::scope("/custom_emoji")
.wrap(rate_limit.message())
.route("", web::post().to(create_custom_emoji))
.route("", web::put().to(update_custom_emoji))
.route("/delete", web::post().to(delete_custom_emoji))
.route("/list", web::get().to(list_custom_emojis)),
)
.service(
web::scope("/oauth_provider")
.wrap(rate_limit.message())
.route("", web::post().to(create_oauth_provider))
.route("", web::put().to(update_oauth_provider))
.route("/delete", web::post().to(delete_oauth_provider)),
)
.service(
web::scope("/oauth")
.wrap(rate_limit.register())
.route("/authenticate", web::post().to(authenticate_with_oauth)),
),
);
cfg.service(
web::scope("/sitemap.xml")
.wrap(rate_limit.message())
.route("", web::get().to(get_sitemap)),
);
}