[feature] Support setting private notes on accounts (#1982)

* Support setting private notes on accounts

* Reformat comment whitespace

* Add missing license headers

* Use apiutil.ParseID

* Rename Note model and cache to AccountNote

* Update golden cache config in test/envparsing.sh

* Rename gtsmodel/note.go to gtsmodel/accountnote.go

* Update AccountNote uniqueness constraint name

Now has same prefix as other indexes on this table.

---------

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>

2 files changed, 112 insertions, 0 deletions

diff --git a/internal/api/client/accounts/accounts.go b/internal/api/client/accounts/accounts.go
index 9bb13231d..d57748d46 100644
--- a/internal/api/client/accounts/accounts.go
+++ b/internal/api/client/accounts/accounts.go
@@ -45,6 +45,7 @@ const (
 	FollowPath        = BasePathWithID + "/follow"
 	ListsPath         = BasePathWithID + "/lists"
 	LookupPath        = BasePath + "/lookup"
+	NotePath          = BasePathWithID + "/note"
 	RelationshipsPath = BasePath + "/relationships"
 	SearchPath        = BasePath + "/search"
 	StatusesPath      = BasePathWithID + "/statuses"
@@ -101,6 +102,9 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 	// account lists
 	attachHandler(http.MethodGet, ListsPath, m.AccountListsGETHandler)
 
+	// account note
+	attachHandler(http.MethodPost, NotePath, m.AccountNotePOSTHandler)
+
 	// search for accounts
 	attachHandler(http.MethodGet, SearchPath, m.AccountSearchGETHandler)
 	attachHandler(http.MethodGet, LookupPath, m.AccountLookupGETHandler)
diff --git a/internal/api/client/accounts/note.go b/internal/api/client/accounts/note.go
new file mode 100644
index 000000000..9a0667875
--- /dev/null
+++ b/internal/api/client/accounts/note.go
@@ -0,0 +1,108 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountNotePOSTHandler swagger:operation POST /api/v1/accounts/{id}/note accountNote
+//
+// Set a private note for an account with the given id.
+//
+//	---
+//	tags:
+//	- accounts
+//
+//	consumes:
+//	- multipart/form-data
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The id of the account for which to set a note.
+//		in: path
+//		required: true
+//	-
+//		name: comment
+//		type: string
+//		description: The text of the note. Omit this parameter or send an empty string to clear the note.
+//		in: formData
+//		default: ""
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- write:accounts
+//
+//	responses:
+//		'200':
+//			description: Your relationship to the account.
+//			schema:
+//				"$ref": "#/definitions/accountRelationship"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountNotePOSTHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	form := &apimodel.AccountNoteRequest{}
+	if err := c.ShouldBind(form); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	relationship, errWithCode := m.processor.Account().PutNote(c.Request.Context(), authed.Account, targetAcctID, form.Comment)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	c.JSON(http.StatusOK, relationship)
+}