From e2daf0f012a21928ceeba03e5754b5a2233f4016 Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Sat, 11 Dec 2021 17:50:00 +0100 Subject: Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests --- internal/api/client/followrequest/authorize.go | 9 ++++++++- internal/api/client/followrequest/followrequest_test.go | 1 + internal/api/client/followrequest/get.go | 9 ++++++++- internal/api/client/followrequest/reject.go | 6 ++++++ 4 files changed, 23 insertions(+), 2 deletions(-) (limited to 'internal/api/client/followrequest') diff --git a/internal/api/client/followrequest/authorize.go b/internal/api/client/followrequest/authorize.go index 1ab7891a6..1e1a46711 100644 --- a/internal/api/client/followrequest/authorize.go +++ b/internal/api/client/followrequest/authorize.go @@ -19,10 +19,12 @@ package followrequest import ( - "github.com/sirupsen/logrus" "net/http" + "github.com/sirupsen/logrus" + "github.com/gin-gonic/gin" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -76,6 +78,11 @@ func (m *Module) FollowRequestAuthorizePOSTHandler(c *gin.Context) { return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { l.Debugf("couldn't auth: %s", err) c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) diff --git a/internal/api/client/followrequest/followrequest_test.go b/internal/api/client/followrequest/followrequest_test.go index e7dccc210..27b8d3db2 100644 --- a/internal/api/client/followrequest/followrequest_test.go +++ b/internal/api/client/followrequest/followrequest_test.go @@ -106,6 +106,7 @@ func (suite *FollowRequestStandardTestSuite) newContext(recorder *httptest.Respo if bodyContentType != "" { ctx.Request.Header.Set("Content-Type", bodyContentType) } + ctx.Request.Header.Set("accept", "application/json") return ctx } diff --git a/internal/api/client/followrequest/get.go b/internal/api/client/followrequest/get.go index de8c83d9a..036e51c8d 100644 --- a/internal/api/client/followrequest/get.go +++ b/internal/api/client/followrequest/get.go @@ -19,10 +19,12 @@ package followrequest import ( - "github.com/sirupsen/logrus" "net/http" + "github.com/sirupsen/logrus" + "github.com/gin-gonic/gin" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -83,6 +85,11 @@ func (m *Module) FollowRequestGETHandler(c *gin.Context) { return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { l.Debugf("couldn't auth: %s", err) c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) diff --git a/internal/api/client/followrequest/reject.go b/internal/api/client/followrequest/reject.go index a7fa12e7f..28459b9a6 100644 --- a/internal/api/client/followrequest/reject.go +++ b/internal/api/client/followrequest/reject.go @@ -23,6 +23,7 @@ import ( "github.com/gin-gonic/gin" "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -74,6 +75,11 @@ func (m *Module) FollowRequestRejectPOSTHandler(c *gin.Context) { return } + if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil { + c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()}) + return + } + if authed.User.Disabled || !authed.User.Approved || !authed.Account.SuspendedAt.IsZero() { l.Debugf("couldn't auth: %s", err) c.JSON(http.StatusForbidden, gin.H{"error": "account is disabled, not yet approved, or suspended"}) -- cgit v1.3