Diffstat (limited to 'internal/api/client/status')
-rw-r--r-- | internal/api/client/status/statusboost.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusboost_test.go | 3 | ||||
-rw-r--r-- | internal/api/client/status/statuscontext.go | 6 | ||||
-rw-r--r-- | internal/api/client/status/statuscreate.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statuscreate_test.go | 6 | ||||
-rw-r--r-- | internal/api/client/status/statusdelete.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusfave.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusfave_test.go | 2 | ||||
-rw-r--r-- | internal/api/client/status/statusfavedby.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusfavedby_test.go | 1 | ||||
-rw-r--r-- | internal/api/client/status/statusget.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusunboost.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusunfave.go | 8 | ||||
-rw-r--r-- | internal/api/client/status/statusunfave_test.go | 2 |
14 files changed, 76 insertions, 8 deletions
diff --git a/internal/api/client/status/statusboost.go b/internal/api/client/status/statusboost.go index bc950d358..ada791788 100644 --- a/internal/api/client/status/statusboost.go +++ b/internal/api/client/status/statusboost.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -74,13 +75,18 @@ func (m *Module) StatusBoostPOSTHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debug("not authed so can't boost status") c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusboost_test.go b/internal/api/client/status/statusboost_test.go index b5a377565..3fc27becc 100644 --- a/internal/api/client/status/statusboost_test.go +++ b/internal/api/client/status/statusboost_test.go 
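Review bot: In StatusBoostPOSTHandler the second argument of `oauth.Authed` flips from `false` to `true`, and the comment that explained the old choice is removed, so nothing on the line says the handler now also requires an application (going by the removed comment, that is what the second flag controls). The same edit is made in the delete, fave, unboost and unfave handlers. Four positional booleans in an authorization call are easy to misread, so a short comment such as `// all four requirements on, including the application` would keep the stricter policy reviewable. None of the test hunks in this commit exercise a request without an application attached, so the newly reachable 401 path looks untested from here. The handler body continues outside the hunk.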
@@ -51,6 +51,7 @@ func (suite *StatusBoostTestSuite) TestPostBoost() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. @@ -117,6 +118,7 @@ func (suite *StatusBoostTestSuite) TestPostUnboostable() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. @@ -155,6 +157,7 @@ func (suite *StatusBoostTestSuite) TestPostNotVisible() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_2"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_2"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.ReblogPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. 
diff --git a/internal/api/client/status/statuscontext.go b/internal/api/client/status/statuscontext.go index f9d7fcc35..7dc23f570 100644 --- a/internal/api/client/status/statuscontext.go +++ b/internal/api/client/status/statuscontext.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -80,6 +81,11 @@ func (m *Module) StatusContextGETHandler(c *gin.Context) { return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statuscreate.go b/internal/api/client/status/statuscreate.go index 629a325c5..40a437564 100644 --- a/internal/api/client/status/statuscreate.go +++ b/internal/api/client/status/statuscreate.go @@ -27,6 +27,7 @@ import ( "github.com/spf13/viper" "github.com/gin-gonic/gin" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/oauth" 
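Review bot: The `api.NegotiateAccept` guard added to StatusContextGETHandler is pasted unchanged into eight other handlers in this commit (boost, create, delete, fave, favedby, get, unboost, unfave), so any later change to the accepted types or the 406 body has to be made nine times. A small package-level helper, or a middleware on the route group if the router setup allows it, would keep the check in one place. The 406 body forwards `err.Error()` to the client; whether that text can contain request-derived content is not visible here and is worth confirming. The test hunks only add an `accept: application/json` header, so the rejection path is not covered. The handler starts and ends outside the hunk.

```go
// negotiateJSON replies 406 and reports false when api.NegotiateAccept
// returns an error for the JSON accept headers.
func negotiateJSON(c *gin.Context) bool {
	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
		return false
	}
	return true
}

// … in each handler, in place of the pasted block …
if !negotiateJSON(c) {
	return
}
```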
@@ -71,13 +72,18 @@ import ( // description: internal error func (m *Module) StatusCreatePOSTHandler(c *gin.Context) { l := logrus.WithField("func", "statusCreatePOSTHandler") - authed, err := oauth.Authed(c, true, true, true, true) // posting a status is serious business so we want *everything* + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debugf("couldn't auth: %s", err) c.JSON(http.StatusForbidden, gin.H{"error": err.Error()}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + // First check this user/account is permitted to post new statuses. // There's no point continuing otherwise. if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { diff --git a/internal/api/client/status/statuscreate_test.go b/internal/api/client/status/statuscreate_test.go index 776b25769..cbbce681f 100644 --- a/internal/api/client/status/statuscreate_test.go +++ b/internal/api/client/status/statuscreate_test.go @@ -65,6 +65,7 @@ func (suite *StatusCreateTestSuite) TestPostNewStatus() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"this is a brand new status! #helloworld"}, "spoiler_text": {"hello hello"}, 
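Review bot: The auth-failure branch of StatusCreatePOSTHandler, directly under the edited `oauth.Authed` line, returns the raw `err.Error()` to the caller with a 403, whereas the boost, delete, fave, unboost and unfave handlers in this commit answer 401 with the fixed string `"not authorized"`. Sending the internal auth error to an unauthenticated client exposes more detail than the siblings do, and the detail is already captured by `l.Debugf("couldn't auth: %s", err)`. Consider `c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"})` here, after checking that no client depends on the 403. The handler body continues past the end of the hunk.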
@@ -119,6 +120,7 @@ func (suite *StatusCreateTestSuite) TestPostAnotherNewStatus() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {statusWithLinksAndTags}, } @@ -154,6 +156,7 @@ func (suite *StatusCreateTestSuite) TestPostNewStatusWithEmoji() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"here is a rainbow emoji a few times! :rainbow: :rainbow: :rainbow: \n here's an emoji that isn't in the db: :test_emoji: "}, } @@ -195,6 +198,7 @@ func (suite *StatusCreateTestSuite) TestReplyToNonexistentStatus() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"this is a reply to a status that doesn't exist"}, "spoiler_text": {"don't open cuz it won't work"}, 
@@ -226,6 +230,7 @@ func (suite *StatusCreateTestSuite) TestReplyToLocalStatus() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {fmt.Sprintf("hello @%s this reply should work!", testrig.NewTestAccounts()["local_account_2"].Username)}, "in_reply_to_id": {testrig.NewTestStatuses()["local_account_2_status_1"].ID}, @@ -268,6 +273,7 @@ func (suite *StatusCreateTestSuite) TestAttachNewMediaSuccess() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", status.BasePath), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") ctx.Request.Form = url.Values{ "status": {"here's an image attachment"}, "media_ids": {attachment.ID}, diff --git a/internal/api/client/status/statusdelete.go b/internal/api/client/status/statusdelete.go index 5a6b2928e..8e2a81ecb 100644 --- a/internal/api/client/status/statusdelete.go +++ b/internal/api/client/status/statusdelete.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) 
@@ -73,13 +74,18 @@ func (m *Module) StatusDELETEHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debug("not authed so can't delete status") c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusfave.go b/internal/api/client/status/statusfave.go index 7d4879832..3ced93f3a 100644 --- a/internal/api/client/status/statusfave.go +++ b/internal/api/client/status/statusfave.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -70,13 +71,18 @@ func (m *Module) StatusFavePOSTHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debug("not authed so can't fave status") c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusfave_test.go b/internal/api/client/status/statusfave_test.go index 5b877a291..4c924e7a2 100644 
--- a/internal/api/client/status/statusfave_test.go +++ b/internal/api/client/status/statusfave_test.go @@ -55,6 +55,7 @@ func (suite *StatusFaveTestSuite) TestPostFave() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. @@ -103,6 +104,7 @@ func (suite *StatusFaveTestSuite) TestPostUnfaveable() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. diff --git a/internal/api/client/status/statusfavedby.go b/internal/api/client/status/statusfavedby.go index 4de66d65d..a20b7bb8c 100644 --- a/internal/api/client/status/statusfavedby.go +++ b/internal/api/client/status/statusfavedby.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) 
@@ -71,13 +72,18 @@ func (m *Module) StatusFavedByGETHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, false, false, false, false) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) // we don't really need an app here but we want everything else if err != nil { l.Errorf("error authing status faved by request: %s", err) c.JSON(http.StatusBadRequest, gin.H{"error": "not authed"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusfavedby_test.go b/internal/api/client/status/statusfavedby_test.go index 0f10d8449..ca85c6ccf 100644 --- a/internal/api/client/status/statusfavedby_test.go +++ b/internal/api/client/status/statusfavedby_test.go @@ -53,6 +53,7 @@ func (suite *StatusFavedByTestSuite) TestGetFavedBy() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_2"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_2"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.FavouritedPath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. diff --git a/internal/api/client/status/statusget.go b/internal/api/client/status/statusget.go index b246002d8..061434457 100644 --- a/internal/api/client/status/statusget.go +++ b/internal/api/client/status/statusget.go 
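Review bot: The comment kept on the new `oauth.Authed(c, true, true, true, true)` line in StatusFavedByGETHandler still reads "we don't really need an app here but we want everything else", which contradicts the call now that every flag is `true`. This is also the largest policy change in the commit: the endpoint goes from requiring nothing (`false, false, false, false`) to requiring everything, yet the failure branch still logs at error level and answers 400 `"not authed"` instead of 401. Either drop the comment or replace it with something like `// the faved-by list is only served to fully authenticated callers`, and consider `http.StatusUnauthorized` for the failure response. The handler continues outside the hunk.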
@@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -70,13 +71,18 @@ func (m *Module) StatusGETHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, false, false, false, false) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, false, false, false, false) if err != nil { l.Errorf("error authing status faved by request: %s", err) c.JSON(http.StatusBadRequest, gin.H{"error": "not authed"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusunboost.go b/internal/api/client/status/statusunboost.go index 7ddb274e0..bb50b3879 100644 --- a/internal/api/client/status/statusunboost.go +++ b/internal/api/client/status/statusunboost.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) 
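Review bot: The failure log in StatusGETHandler, just below the edited `oauth.Authed` line, still says `"error authing status faved by request"`, which appears to be copied from the faved-by handler and will mislead anyone triaging auth errors from the logs; `l.Errorf("error authing status get request: %s", err)` would match the handler. The call itself stays at `false, false, false, false` while the faved-by handler in this commit moves to all `true`, so a status can still be fetched with no credentials but its faved-by list cannot. If that asymmetry is deliberate, a one-line comment on the `Authed` call saying so would help, since the old comment was removed. The handler body runs beyond the hunk.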
@@ -71,13 +72,18 @@ func (m *Module) StatusUnboostPOSTHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debug("not authed so can't unboost status") c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) diff --git a/internal/api/client/status/statusunfave.go b/internal/api/client/status/statusunfave.go index 29d3daa47..0b0cebc73 100644 --- a/internal/api/client/status/statusunfave.go +++ b/internal/api/client/status/statusunfave.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -70,13 +71,18 @@ func (m *Module) StatusUnfavePOSTHandler(c *gin.Context) { }) l.Debugf("entering function") - authed, err := oauth.Authed(c, true, false, true, true) // we don't really need an app here but we want everything else + authed, err := oauth.Authed(c, true, true, true, true) if err != nil { l.Debug("not authed so can't unfave status") c.JSON(http.StatusUnauthorized, gin.H{"error": "not authorized"}) return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + targetStatusID := c.Param(IDKey) if targetStatusID == "" { c.JSON(http.StatusBadRequest, gin.H{"error": "no status id provided"}) 
diff --git a/internal/api/client/status/statusunfave_test.go b/internal/api/client/status/statusunfave_test.go index 0809840da..3355c6326 100644 --- a/internal/api/client/status/statusunfave_test.go +++ b/internal/api/client/status/statusunfave_test.go @@ -56,6 +56,7 @@ func (suite *StatusUnfaveTestSuite) TestPostUnfave() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.UnfavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. @@ -105,6 +106,7 @@ func (suite *StatusUnfaveTestSuite) TestPostAlreadyNotFaved() { ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"]) ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"]) ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080%s", strings.Replace(status.UnfavouritePath, ":id", targetStatus.ID, 1)), nil) // the endpoint we're hitting + ctx.Request.Header.Set("accept", "application/json") // normally the router would populate these params from the path values, // but because we're calling the function directly, we need to set them manually. |