Diffstat (limited to 'internal/api/client/status')
| -rw-r--r-- | internal/api/client/status/statusboost.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusboost_test.go | 3 | ||||
| -rw-r--r-- | internal/api/client/status/statuscontext.go | 6 | ||||
| -rw-r--r-- | internal/api/client/status/statuscreate.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statuscreate_test.go | 6 | ||||
| -rw-r--r-- | internal/api/client/status/statusdelete.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusfave.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusfave_test.go | 2 | ||||
| -rw-r--r-- | internal/api/client/status/statusfavedby.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusfavedby_test.go | 1 | ||||
| -rw-r--r-- | internal/api/client/status/statusget.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusunboost.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusunfave.go | 8 | ||||
| -rw-r--r-- | internal/api/client/status/statusunfave_test.go | 2 | 
14 files changed, 76 insertions, 8 deletions
|
diff --git a/internal/api/client/status/statusboost.go b/internal/api/client/status/statusboost.go
index bc950d358..ada791788 100644
--- a/internal/api/client/status/statusboost.go
+++ b/internal/api/client/status/statusboost.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -74,13 +75,18 @@ func (m *Module) StatusBoostPOSTHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug("not authed so can't boost status")
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusboost_test.go b/internal/api/client/status/statusboost_test.go
index b5a377565..3fc27becc 100644
--- a/internal/api/client/status/statusboost_test.go
+++ b/internal/api/client/status/statusboost_test.go
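Review bot: In StatusBoostPOSTHandler the second argument of `oauth.Authed` changes from `false` to `true` with no explanation left on the line; going by the removed comment that flag is presumably the application requirement, so a token with no application attached would now get 401. The same flip is made in StatusDELETEHandler, StatusFavePOSTHandler, StatusUnboostPOSTHandler and StatusUnfavePOSTHandler. Because this tightens authorization alongside an unrelated Accept-header change, state it on the call, e.g. `// token, app, user and account are all required` (argument order inferred from the removed comment, to be confirmed). Separately, the new 406 branch returns `err.Error()` to the caller; if that error quotes the request's Accept header, a fixed body such as `gin.H{"error": "not acceptable"}` keeps caller-supplied text out of the response. The handler body continues past the end of the hunk.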
@@ -51,6 +51,7 @@ func (suite *StatusBoostTestSuite) TestPostBoost() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
@@ -117,6 +118,7 @@ func (suite *StatusBoostTestSuite) TestPostUnboostable() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
@@ -155,6 +157,7 @@ func (suite *StatusBoostTestSuite) TestPostNotVisible() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_2"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_2"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
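Review bot: Nothing in the statusboost_test.go hunks exercises the new 406 branch; each test only gains `ctx.Request.Header.Set("accept", "application/json")` so the existing happy path keeps passing. The same holds for the statuscreate_test.go, statusfave_test.go, statusfavedby_test.go and statusunfave_test.go hunks. Add at least one case per handler that sends an Accept value outside `api.JSONAcceptHeaders`, for example `ctx.Request.Header.Set("accept", "text/html")`, and asserts `http.StatusNotAcceptable` on the recorder. The tightened `oauth.Authed` arguments in the handlers are likewise untested in what is visible here.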
diff --git a/internal/api/client/status/statuscontext.go b/internal/api/client/status/statuscontext.go
index f9d7fcc35..7dc23f570 100644
--- a/internal/api/client/status/statuscontext.go
+++ b/internal/api/client/status/statuscontext.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -80,6 +81,11 @@ func (m *Module) StatusContextGETHandler(c *gin.Context) {
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statuscreate.go b/internal/api/client/status/statuscreate.go
index 629a325c5..40a437564 100644
--- a/internal/api/client/status/statuscreate.go
+++ b/internal/api/client/status/statuscreate.go
@@ -27,6 +27,7 @@ import (
 	"github.com/spf13/viper"
 	"github.com/gin-gonic/gin"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
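Review bot: The Accept check added to StatusContextGETHandler is the same four lines pasted into every handler this commit touches (boost, create, delete, fave, faved-by, get, unboost, unfave), so a handler added later that omits the block silently skips negotiation. Registering the check once, as a gin middleware on the status routes or a small package-level helper that writes the 406 and reports whether to continue, would make it hard to forget and keep the error body uniform. If the per-handler form is kept, a one-line comment such as `// reject clients that cannot accept a JSON response` above each block would explain why the negotiated value is discarded with `_`. The handler starts and ends outside this hunk, so the check that precedes the leading `return` is not visible here.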
@@ -71,13 +72,18 @@ import (
 //      description: internal error
 func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
 	l := logrus.WithField("func", "statusCreatePOSTHandler")
-	authed, err := oauth.Authed(c, true, true, true, true) // posting a status is serious business so we want *everything*
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debugf("couldn't auth: %s", err)
 		c.JSON(http.StatusForbidden, gin.H{"error": err.Error()})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	// First check this user/account is permitted to post new statuses.
 	// There's no point continuing otherwise.
 	if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() {
diff --git a/internal/api/client/status/statuscreate_test.go b/internal/api/client/status/statuscreate_test.go
index 776b25769..cbbce681f 100644
--- a/internal/api/client/status/statuscreate_test.go
+++ b/internal/api/client/status/statuscreate_test.go
@@ -65,6 +65,7 @@ func (suite *StatusCreateTestSuite) TestPostNewStatus() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status":       {"this is a brand new status! #helloworld"},
 		"spoiler_text": {"hello hello"},
@@ -119,6 +120,7 @@ func (suite *StatusCreateTestSuite) TestPostAnotherNewStatus() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status": {statusWithLinksAndTags},
 	}
@@ -154,6 +156,7 @@ func (suite *StatusCreateTestSuite) TestPostNewStatusWithEmoji() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status": {"here is a rainbow emoji a few times! :rainbow: :rainbow: :rainbow: \n here's an emoji that isn't in the db: :test_emoji: "},
 	}
@@ -195,6 +198,7 @@ func (suite *StatusCreateTestSuite) TestReplyToNonexistentStatus() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status":         {"this is a reply to a status that doesn't exist"},
 		"spoiler_text":   {"don't open cuz it won't work"},
@@ -226,6 +230,7 @@ func (suite *StatusCreateTestSuite) TestReplyToLocalStatus() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status":         {fmt.Sprintf("hello @%s this reply should work!", testrig.NewTestAccounts()["local_account_2"].Username)},
 		"in_reply_to_id": {testrig.NewTestStatuses()["local_account_2_status_1"].ID},
@@ -268,6 +273,7 @@ func (suite *StatusCreateTestSuite) TestAttachNewMediaSuccess() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	ctx.Request.Form = url.Values{
 		"status":    {"here's an image attachment"},
 		"media_ids": {attachment.ID},
diff --git a/internal/api/client/status/statusdelete.go b/internal/api/client/status/statusdelete.go
index 5a6b2928e..8e2a81ecb 100644
--- a/internal/api/client/status/statusdelete.go
+++ b/internal/api/client/status/statusdelete.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -73,13 +74,18 @@ func (m *Module) StatusDELETEHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug("not authed so can't delete status")
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusfave.go b/internal/api/client/status/statusfave.go
index 7d4879832..3ced93f3a 100644
--- a/internal/api/client/status/statusfave.go
+++ b/internal/api/client/status/statusfave.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -70,13 +71,18 @@ func (m *Module) StatusFavePOSTHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug("not authed so can't fave status")
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusfave_test.go b/internal/api/client/status/statusfave_test.go
index 5b877a291..4c924e7a2 100644
--- a/internal/api/client/status/statusfave_test.go
+++ b/internal/api/client/status/statusfave_test.go
@@ -55,6 +55,7 @@ func (suite *StatusFaveTestSuite) TestPostFave() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
@@ -103,6 +104,7 @@ func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
diff --git a/internal/api/client/status/statusfavedby.go b/internal/api/client/status/statusfavedby.go
index 4de66d65d..a20b7bb8c 100644
--- a/internal/api/client/status/statusfavedby.go
+++ b/internal/api/client/status/statusfavedby.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -71,13 +72,18 @@ func (m *Module) StatusFavedByGETHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, false, false, false, false) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true) // we don't really need an app here but we want everything else
 	if err != nil {
 		l.Errorf("error authing status faved by request: %s", err)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "not authed"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusfavedby_test.go b/internal/api/client/status/statusfavedby_test.go
index 0f10d8449..ca85c6ccf 100644
--- a/internal/api/client/status/statusfavedby_test.go
+++ b/internal/api/client/status/statusfavedby_test.go
@@ -53,6 +53,7 @@ func (suite *StatusFavedByTestSuite) TestGetFavedBy() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_2"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_2"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritedPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
diff --git a/internal/api/client/status/statusget.go b/internal/api/client/status/statusget.go
index b246002d8..061434457 100644
--- a/internal/api/client/status/statusget.go
+++ b/internal/api/client/status/statusget.go
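Review bot: The comment kept on the new `oauth.Authed(c, true, true, true, true)` line in StatusFavedByGETHandler still reads "we don't really need an app here", which now contradicts the call. The arguments go from all `false` to all `true`, so requests this endpoint presumably served without credentials will be rejected after this commit; that is the largest access-control change in the diff and deserves its own mention in the commit message. The failure path also still answers `http.StatusBadRequest` with "not authed", while the sibling handlers with the same arguments answer 401; consider `c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})` and replacing the trailing comment with `// listing who faved a status requires a fully authenticated caller`. The handler body continues past the end of the hunk.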
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -70,13 +71,18 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, false, false, false, false) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, false, false, false, false)
 	if err != nil {
 		l.Errorf("error authing status faved by request: %s", err)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "not authed"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusunboost.go b/internal/api/client/status/statusunboost.go
index 7ddb274e0..bb50b3879 100644
--- a/internal/api/client/status/statusunboost.go
+++ b/internal/api/client/status/statusunboost.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -71,13 +72,18 @@ func (m *Module) StatusUnboostPOSTHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug("not authed so can't unboost status")
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusunfave.go b/internal/api/client/status/statusunfave.go
index 29d3daa47..0b0cebc73 100644
--- a/internal/api/client/status/statusunfave.go
+++ b/internal/api/client/status/statusunfave.go
@@ -23,6 +23,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -70,13 +71,18 @@ func (m *Module) StatusUnfavePOSTHandler(c *gin.Context) {
 	})
 	l.Debugf("entering function")
-	authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else
+	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		l.Debug("not authed so can't unfave status")
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})
 		return
 	}
+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	targetStatusID := c.Param(IDKey)
 	if targetStatusID == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"})
diff --git a/internal/api/client/status/statusunfave_test.go b/internal/api/client/status/statusunfave_test.go
index 0809840da..3355c6326 100644
--- a/internal/api/client/status/statusunfave_test.go
+++ b/internal/api/client/status/statusunfave_test.go
@@ -56,6 +56,7 @@ func (suite *StatusUnfaveTestSuite) TestPostUnfave() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.UnfavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
@@ -105,6 +106,7 @@ func (suite *StatusUnfaveTestSuite) TestPostAlreadyNotFaved() {
 	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
 	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
 	ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.UnfavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")
 	// normally the router would populate these params from the path values,
 	// but because we're calling the function directly, we need to set them manually.
|
