[feature] Client API endpoints + v. basic web view for pinned posts (#1547)

* implement status pin client api + web handler

* make test names + comments more descriptive

* don't use separate table for status pins

* remove unused add + remove checking

* tidy up + add some more tests

6 files changed, 168 insertions, 10 deletions

diff --git a/internal/processing/account/delete.go b/internal/processing/account/delete.go
index 7a31b45d4..58a967337 100644
--- a/internal/processing/account/delete.go
+++ b/internal/processing/account/delete.go
@@ -129,7 +129,7 @@ func (p *Processor) Delete(ctx context.Context, account *gtsmodel.Account, origi
 
 	for {
 		// Fetch next block of account statuses from database
-		statuses, err := p.db.GetAccountStatuses(ctx, account.ID, 20, false, false, maxID, "", false, false, false)
+		statuses, err := p.db.GetAccountStatuses(ctx, account.ID, 20, false, false, maxID, "", false, false)
 		if err != nil {
 			if !errors.Is(err, db.ErrNoEntries) {
 				// an actual error has occurred
diff --git a/internal/processing/account/statuses.go b/internal/processing/account/statuses.go
index 29833086d..7ff6de2ff 100644
--- a/internal/processing/account/statuses.go
+++ b/internal/processing/account/statuses.go
@@ -31,7 +31,7 @@ import (
 
 // StatusesGet fetches a number of statuses (in time descending order) from the given account, filtered by visibility for
 // the account given in authed.
-func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel.Account, targetAccountID string, limit int, excludeReplies bool, excludeReblogs bool, maxID string, minID string, pinnedOnly bool, mediaOnly bool, publicOnly bool) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel.Account, targetAccountID string, limit int, excludeReplies bool, excludeReblogs bool, maxID string, minID string, pinned bool, mediaOnly bool, publicOnly bool) (*apimodel.PageableResponse, gtserror.WithCode) {
 	if requestingAccount != nil {
 		if blocked, err := p.db.IsBlocked(ctx, requestingAccount.ID, targetAccountID, true); err != nil {
 			return nil, gtserror.NewErrorInternalError(err)
@@ -40,7 +40,17 @@ func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel
 		}
 	}
 
-	statuses, err := p.db.GetAccountStatuses(ctx, targetAccountID, limit, excludeReplies, excludeReblogs, maxID, minID, pinnedOnly, mediaOnly, publicOnly)
+	var (
+		statuses []*gtsmodel.Status
+		err      error
+	)
+	if pinned {
+		// Get *ONLY* pinned statuses.
+		statuses, err = p.db.GetAccountPinnedStatuses(ctx, targetAccountID)
+	} else {
+		// Get account statuses which *may* include pinned ones.
+		statuses, err = p.db.GetAccountStatuses(ctx, targetAccountID, limit, excludeReplies, excludeReblogs, maxID, minID, mediaOnly, publicOnly)
+	}
 	if err != nil {
 		if err == db.ErrNoEntries {
 			return util.EmptyPageableResponse(), nil
@@ -48,7 +58,9 @@ func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
-	var filtered []*gtsmodel.Status
+	// Filtering + serialization process is the same for
+	// either pinned status queries or 'normal' ones.
+	filtered := make([]*gtsmodel.Status, 0, len(statuses))
 	for _, s := range statuses {
 		visible, err := p.filter.StatusVisible(ctx, s, requestingAccount)
 		if err == nil && visible {
@@ -57,12 +69,11 @@ func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel
 	}
 
 	count := len(filtered)
-
 	if count == 0 {
 		return util.EmptyPageableResponse(), nil
 	}
 
-	items := []interface{}{}
+	items := make([]interface{}, 0, count)
 	nextMaxIDValue := ""
 	prevMinIDValue := ""
 	for i, s := range filtered {
@@ -82,6 +93,14 @@ func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel
 		items = append(items, item)
 	}
 
+	if pinned {
+		// We don't page on pinned status responses,
+		// so we can save some work + just return items.
+		return &apimodel.PageableResponse{
+			Items: items,
+		}, nil
+	}
+
 	return util.PackagePageableResponse(util.PageableResponseParams{
 		Items:          items,
 		Path:           fmt.Sprintf("/api/v1/accounts/%s/statuses", targetAccountID),
@@ -91,7 +110,7 @@ func (p *Processor) StatusesGet(ctx context.Context, requestingAccount *gtsmodel
 		ExtraQueryParams: []string{
 			fmt.Sprintf("exclude_replies=%t", excludeReplies),
 			fmt.Sprintf("exclude_reblogs=%t", excludeReblogs),
-			fmt.Sprintf("pinned_only=%t", pinnedOnly),
+			fmt.Sprintf("pinned=%t", pinned),
 			fmt.Sprintf("only_media=%t", mediaOnly),
 			fmt.Sprintf("only_public=%t", publicOnly),
 		},
diff --git a/internal/processing/fedi/collections.go b/internal/processing/fedi/collections.go
index 62fc9d7b8..33d1b64e9 100644
--- a/internal/processing/fedi/collections.go
+++ b/internal/processing/fedi/collections.go
@@ -192,7 +192,7 @@ func (p *Processor) OutboxGet(ctx context.Context, requestedUsername string, pag
 
 	// scenario 2 -- get the requested page
 	// limit pages to 30 entries per page
-	publicStatuses, err := p.db.GetAccountStatuses(ctx, requestedAccount.ID, 30, true, true, maxID, minID, false, false, true)
+	publicStatuses, err := p.db.GetAccountStatuses(ctx, requestedAccount.ID, 30, true, true, maxID, minID, false, true)
 	if err != nil && err != db.ErrNoEntries {
 		return nil, gtserror.NewErrorInternalError(err)
 	}
diff --git a/internal/processing/fromclientapi_test.go b/internal/processing/fromclientapi_test.go
index 2349febf5..438c6a3ce 100644
--- a/internal/processing/fromclientapi_test.go
+++ b/internal/processing/fromclientapi_test.go
@@ -76,7 +76,6 @@ func (suite *FromClientAPITestSuite) TestProcessStreamNewStatus() {
 		Sensitive:                testrig.FalseBool(),
 		Language:                 "en",
 		CreatedWithApplicationID: "01F8MGXQRHYF5QPMTMXP78QC2F",
-		Pinned:                   testrig.FalseBool(),
 		Federated:                testrig.FalseBool(),
 		Boostable:                testrig.TrueBool(),
 		Replyable:                testrig.TrueBool(),
diff --git a/internal/processing/fromfederator_test.go b/internal/processing/fromfederator_test.go
index 9999c7054..6913b22af 100644
--- a/internal/processing/fromfederator_test.go
+++ b/internal/processing/fromfederator_test.go
@@ -369,7 +369,7 @@ func (suite *FromFederatorTestSuite) TestProcessAccountDelete() {
 
 	// no statuses from foss satan should be left in the database
 	if !testrig.WaitFor(func() bool {
-		s, err := suite.db.GetAccountStatuses(ctx, deletedAccount.ID, 0, false, false, "", "", false, false, false)
+		s, err := suite.db.GetAccountStatuses(ctx, deletedAccount.ID, 0, false, false, "", "", false, false)
 		return s == nil && err == db.ErrNoEntries
 	}) {
 		suite.FailNow("timeout waiting for statuses to be deleted")
diff --git a/internal/processing/status/pin.go b/internal/processing/status/pin.go
new file mode 100644
index 000000000..addd2515b
--- /dev/null
+++ b/internal/processing/status/pin.go
@@ -0,0 +1,140 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package status
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+const allowedPinnedCount = 10
+
+// getPinnableStatus fetches targetStatusID status and ensures that requestingAccountID
+// can pin or unpin it.
+//
+// It checks:
+//   - Status belongs to requesting account.
+//   - Status is public, unlisted, or followers-only.
+//   - Status is not a boost.
+func (p *Processor) getPinnableStatus(ctx context.Context, targetStatusID string, requestingAccountID string) (*gtsmodel.Status, gtserror.WithCode) {
+	targetStatus, err := p.db.GetStatusByID(ctx, targetStatusID)
+	if err != nil {
+		err = fmt.Errorf("error fetching status %s: %w", targetStatusID, err)
+		return nil, gtserror.NewErrorNotFound(err)
+	}
+
+	if targetStatus.AccountID != requestingAccountID {
+		err = fmt.Errorf("status %s does not belong to account %s", targetStatusID, requestingAccountID)
+		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+	}
+
+	if targetStatus.Visibility == gtsmodel.VisibilityDirect {
+		err = errors.New("cannot pin direct messages")
+		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+	}
+
+	if targetStatus.BoostOfID != "" {
+		err = errors.New("cannot pin boosts")
+		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+	}
+
+	return targetStatus, nil
+}
+
+// PinCreate pins the target status to the top of requestingAccount's profile, if possible.
+//
+// Conditions for a pin to work:
+//   - Status belongs to requesting account.
+//   - Status is public, unlisted, or followers-only.
+//   - Status is not a boost.
+//   - Status is not already pinnd.
+//   - Limit of pinned statuses not yet met or exceeded.
+//
+// If the conditions can't be met, then code 422 Unprocessable Entity will be returned.
+func (p *Processor) PinCreate(ctx context.Context, requestingAccount *gtsmodel.Account, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
+	targetStatus, errWithCode := p.getPinnableStatus(ctx, targetStatusID, requestingAccount.ID)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	if !targetStatus.PinnedAt.IsZero() {
+		err := errors.New("status already pinned")
+		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+	}
+
+	pinnedCount, err := p.db.CountAccountPinned(ctx, requestingAccount.ID)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error checking number of pinned statuses: %w", err))
+	}
+
+	if pinnedCount >= allowedPinnedCount {
+		err = fmt.Errorf("status pin limit exceeded, you've already pinned %d status(es) out of %d", pinnedCount, allowedPinnedCount)
+		return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
+	}
+
+	targetStatus.PinnedAt = time.Now()
+	if err := p.db.UpdateStatus(ctx, targetStatus); err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("db error pinning status: %w", err))
+	}
+
+	apiStatus, err := p.tc.StatusToAPIStatus(ctx, targetStatus, requestingAccount)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error converting status %s to frontend representation: %w", targetStatus.ID, err))
+	}
+
+	return apiStatus, nil
+}
+
+// PinRemove unpins the target status from the top of requestingAccount's profile, if possible.
+//
+// Conditions for an unpin to work:
+//   - Status belongs to requesting account.
+//   - Status is public, unlisted, or followers-only.
+//   - Status is not a boost.
+//
+// If the conditions can't be met, then code 422 Unprocessable Entity will be returned.
+//
+// Unlike with PinCreate, statuses that are already unpinned will not return 422, but just do
+// nothing and return the api model representation of the status, to conform to the masto API.
+func (p *Processor) PinRemove(ctx context.Context, requestingAccount *gtsmodel.Account, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
+	targetStatus, errWithCode := p.getPinnableStatus(ctx, targetStatusID, requestingAccount.ID)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	if targetStatus.PinnedAt.IsZero() {
+		targetStatus.PinnedAt = time.Time{}
+		if err := p.db.UpdateStatus(ctx, targetStatus); err != nil {
+			return nil, gtserror.NewErrorInternalError(fmt.Errorf("db error unpinning status: %w", err))
+		}
+	}
+
+	apiStatus, err := p.tc.StatusToAPIStatus(ctx, targetStatus, requestingAccount)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error converting status %s to frontend representation: %w", targetStatus.ID, err))
+	}
+
+	return apiStatus, nil
+}