snac2/mastoapi.c

3113 lines
101 KiB
C
Raw Normal View History

2023-04-08 07:09:05 +03:00
/* snac - A simple, minimalistic ActivityPub instance */
2024-01-04 11:22:03 +03:00
/* copyright (c) 2022 - 2024 grunfink et al. / MIT license */
2023-04-08 07:09:05 +03:00
#ifndef NO_MASTODON_API
2023-04-08 07:09:05 +03:00
#include "xs.h"
2023-11-17 10:51:53 +03:00
#include "xs_hex.h"
2023-04-10 01:08:51 +03:00
#include "xs_openssl.h"
2023-04-08 07:09:05 +03:00
#include "xs_json.h"
2023-04-08 11:29:33 +03:00
#include "xs_io.h"
2023-04-08 07:09:05 +03:00
#include "xs_time.h"
2023-04-28 09:58:33 +03:00
#include "xs_glob.h"
2023-05-15 12:23:36 +03:00
#include "xs_set.h"
#include "xs_random.h"
2023-09-25 19:25:09 +03:00
#include "xs_url.h"
#include "xs_mime.h"
#include "xs_match.h"
2023-04-08 07:09:05 +03:00
#include "snac.h"
2023-04-08 10:09:43 +03:00
static xs_str *random_str(void)
/* just what is says in the tin */
{
unsigned int data[4] = {0};
xs_rnd_buf(data, sizeof(data));
2023-04-08 10:09:43 +03:00
return xs_hex_enc((char *)data, sizeof(data));
}
2023-04-08 11:29:33 +03:00
int app_add(const char *id, const xs_dict *app)
/* stores an app */
{
if (!xs_is_hex(id))
return 500;
2023-04-08 11:29:33 +03:00
int status = 201;
xs *fn = xs_fmt("%s/app/", srv_basedir);
FILE *f;
mkdirx(fn);
fn = xs_str_cat(fn, id);
fn = xs_str_cat(fn, ".json");
if ((f = fopen(fn, "w")) != NULL) {
xs_json_dump(app, 4, f);
2023-04-08 11:29:33 +03:00
fclose(f);
}
else
status = 500;
return status;
}
2023-04-28 09:58:33 +03:00
xs_str *_app_fn(const char *id)
{
return xs_fmt("%s/app/%s.json", srv_basedir, id);
}
2023-04-08 11:29:33 +03:00
xs_dict *app_get(const char *id)
/* gets an app */
{
if (!xs_is_hex(id))
return NULL;
2023-04-28 09:58:33 +03:00
xs *fn = _app_fn(id);
2023-04-08 11:29:33 +03:00
xs_dict *app = NULL;
FILE *f;
if ((f = fopen(fn, "r")) != NULL) {
app = xs_json_load(f);
2023-04-08 11:29:33 +03:00
fclose(f);
}
return app;
}
int app_del(const char *id)
/* deletes an app */
{
if (!xs_is_hex(id))
return -1;
2023-04-28 09:58:33 +03:00
xs *fn = _app_fn(id);
return unlink(fn);
}
2023-04-09 22:31:56 +03:00
int token_add(const char *id, const xs_dict *token)
/* stores a token */
{
if (!xs_is_hex(id))
return 500;
2023-04-09 22:31:56 +03:00
int status = 201;
xs *fn = xs_fmt("%s/token/", srv_basedir);
FILE *f;
mkdirx(fn);
fn = xs_str_cat(fn, id);
fn = xs_str_cat(fn, ".json");
if ((f = fopen(fn, "w")) != NULL) {
xs_json_dump(token, 4, f);
2023-04-09 22:31:56 +03:00
fclose(f);
}
else
status = 500;
return status;
}
xs_dict *token_get(const char *id)
/* gets a token */
{
if (!xs_is_hex(id))
return NULL;
2023-04-09 22:31:56 +03:00
xs *fn = xs_fmt("%s/token/%s.json", srv_basedir, id);
xs_dict *token = NULL;
FILE *f;
if ((f = fopen(fn, "r")) != NULL) {
token = xs_json_load(f);
2023-04-09 22:31:56 +03:00
fclose(f);
}
return token;
}
int token_del(const char *id)
/* deletes a token */
{
if (!xs_is_hex(id))
return -1;
2023-04-09 22:31:56 +03:00
xs *fn = xs_fmt("%s/token/%s.json", srv_basedir, id);
return unlink(fn);
}
const char *login_page = ""
"<!DOCTYPE html>\n"
"<html>\n"
"<head>\n"
"<title>%s OAuth - Snac2</title>\n"
"<style>:root {color-scheme: light dark}</style>\n"
"</head>\n"
2023-04-09 21:34:05 +03:00
"<body><h1>%s OAuth identify</h1>\n"
"<div style=\"background-color: red; color: white\">%s</div>\n"
2024-04-18 18:13:31 +03:00
"<form method=\"post\" action=\"%s:/" "/%s/%s\">\n"
"<p>Login: <input type=\"text\" name=\"login\"></p>\n"
"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
2023-04-08 11:29:33 +03:00
"<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
"<input type=\"hidden\" name=\"state\" value=\"%s\">\n"
2023-04-09 21:34:05 +03:00
"<input type=\"submit\" value=\"OK\">\n"
"</form><p>%s</p></body></html>\n"
"";
2023-04-08 10:09:43 +03:00
int oauth_get_handler(const xs_dict *req, const char *q_path,
2023-04-08 07:09:05 +03:00
char **body, int *b_size, char **ctype)
{
2023-05-04 10:28:36 +03:00
(void)b_size;
2023-04-08 08:04:40 +03:00
if (!xs_startswith(q_path, "/oauth/"))
return 0;
int status = 404;
2024-05-21 15:12:15 +03:00
const xs_dict *msg = xs_dict_get(req, "q_vars");
2023-05-02 07:49:00 +03:00
xs *cmd = xs_replace_n(q_path, "/oauth", "", 1);
2023-04-08 08:04:40 +03:00
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth_get_handler %s", q_path));
2023-04-09 21:34:05 +03:00
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/authorize") == 0) { /** **/
2023-04-08 08:04:40 +03:00
const char *cid = xs_dict_get(msg, "client_id");
const char *ruri = xs_dict_get(msg, "redirect_uri");
const char *rtype = xs_dict_get(msg, "response_type");
const char *state = xs_dict_get(msg, "state");
2023-04-08 11:29:33 +03:00
status = 400;
2023-04-08 08:04:40 +03:00
if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
2023-04-08 11:29:33 +03:00
xs *app = app_get(cid);
2023-04-08 11:29:33 +03:00
if (app != NULL) {
const char *host = xs_dict_get(srv_config, "host");
2024-04-18 18:13:31 +03:00
const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
2023-04-08 11:29:33 +03:00
if (xs_is_null(state))
state = "";
2024-04-18 18:13:31 +03:00
*body = xs_fmt(login_page, host, host, "", proto, host, "oauth/x-snac-login",
ruri, cid, state, USER_AGENT);
2023-04-08 11:29:33 +03:00
*ctype = "text/html";
status = 200;
2023-04-09 21:34:05 +03:00
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth authorize: generating login page"));
2023-04-08 11:29:33 +03:00
}
2023-04-09 21:34:05 +03:00
else
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth authorize: bad client_id %s", cid));
2023-04-08 08:04:40 +03:00
}
2023-04-09 21:34:05 +03:00
else
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth authorize: invalid or unset arguments"));
2023-04-08 08:04:40 +03:00
}
2023-05-04 12:52:04 +03:00
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/x-snac-get-token") == 0) { /** **/
2023-05-04 12:52:04 +03:00
const char *host = xs_dict_get(srv_config, "host");
2024-04-18 18:13:31 +03:00
const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
2023-05-04 12:52:04 +03:00
2024-04-18 18:13:31 +03:00
*body = xs_fmt(login_page, host, host, "", proto, host, "oauth/x-snac-get-token",
2023-05-04 12:52:04 +03:00
"", "", "", USER_AGENT);
*ctype = "text/html";
status = 200;
}
2023-04-08 10:09:43 +03:00
return status;
}
int oauth_post_handler(const xs_dict *req, const char *q_path,
2023-04-09 21:34:05 +03:00
const char *payload, int p_size,
char **body, int *b_size, char **ctype)
2023-04-08 10:09:43 +03:00
{
2023-05-04 10:28:36 +03:00
(void)p_size;
(void)b_size;
2023-04-08 10:09:43 +03:00
if (!xs_startswith(q_path, "/oauth/"))
return 0;
int status = 404;
2024-05-21 15:12:15 +03:00
const char *i_ctype = xs_dict_get(req, "content-type");
xs *args = NULL;
if (i_ctype && xs_startswith(i_ctype, "application/json")) {
if (!xs_is_null(payload))
args = xs_json_loads(payload);
}
else
if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded") && payload) {
xs *upl = xs_url_dec(payload);
args = xs_url_vars(upl);
}
else
args = xs_dup(xs_dict_get(req, "p_vars"));
if (args == NULL)
return 400;
2023-05-02 07:49:00 +03:00
xs *cmd = xs_replace_n(q_path, "/oauth", "", 1);
2023-04-08 10:09:43 +03:00
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth_post_handler %s", q_path));
2023-04-09 21:34:05 +03:00
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/x-snac-login") == 0) { /** **/
const char *login = xs_dict_get(args, "login");
const char *passwd = xs_dict_get(args, "passwd");
const char *redir = xs_dict_get(args, "redir");
const char *cid = xs_dict_get(args, "cid");
const char *state = xs_dict_get(args, "state");
2024-04-18 18:13:31 +03:00
const char *host = xs_dict_get(srv_config, "host");
const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
2023-04-09 21:34:05 +03:00
/* by default, generate another login form with an error */
2024-04-18 18:13:31 +03:00
*body = xs_fmt(login_page, host, host, "LOGIN INCORRECT", proto, host, "oauth/x-snac-login",
redir, cid, state, USER_AGENT);
2023-04-09 21:34:05 +03:00
*ctype = "text/html";
status = 200;
if (login && passwd && redir && cid) {
snac snac;
2023-04-08 10:09:43 +03:00
2023-04-09 21:34:05 +03:00
if (user_open(&snac, login)) {
/* check the login + password */
if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) {
2023-04-09 21:34:05 +03:00
/* success! redirect to the desired uri */
xs *code = random_str();
xs_free(*body);
if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) {
*body = xs_dup(code);
}
else {
2024-04-27 09:30:56 +03:00
if (xs_str_in(redir, "?") != -1)
*body = xs_fmt("%s&code=%s", redir, code);
else
*body = xs_fmt("%s?code=%s", redir, code);
status = 303;
}
2023-04-09 21:34:05 +03:00
/* if there is a state, add it */
if (!xs_is_null(state) && *state) {
*body = xs_str_cat(*body, "&state=");
*body = xs_str_cat(*body, state);
}
2023-04-13 10:59:00 +03:00
srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s",
login, *body));
2023-04-09 22:31:56 +03:00
/* assign the login to the app */
xs *app = app_get(cid);
if (app != NULL) {
app = xs_dict_set(app, "uid", login);
app = xs_dict_set(app, "code", code);
app_add(cid, app);
}
else
srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid));
2023-04-09 21:34:05 +03:00
}
else
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
2023-04-09 21:34:05 +03:00
user_free(&snac);
}
else
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth x-snac-login: bad user '%s'", login));
2023-04-09 21:34:05 +03:00
}
else
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth x-snac-login: invalid or unset arguments"));
2023-04-09 21:34:05 +03:00
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/token") == 0) { /** **/
xs *wrk = NULL;
const char *gtype = xs_dict_get(args, "grant_type");
const char *code = xs_dict_get(args, "code");
const char *cid = xs_dict_get(args, "client_id");
const char *csec = xs_dict_get(args, "client_secret");
const char *ruri = xs_dict_get(args, "redirect_uri");
/* FIXME: this 'scope' parameter is mandatory for the official Mastodon API,
but if it's enabled, it makes it crash after some more steps, which
is FAR WORSE */
const char *scope = NULL;
// scope = xs_dict_get(args, "scope");
/* no client_secret? check if it's inside an authorization header
(AndStatus does it this way) */
if (xs_is_null(csec)) {
const char *auhdr = xs_dict_get(req, "authorization");
if (!xs_is_null(auhdr) && xs_startswith(auhdr, "Basic ")) {
2023-05-02 07:49:00 +03:00
xs *s1 = xs_replace_n(auhdr, "Basic ", "", 1);
int size;
xs *s2 = xs_base64_dec(s1, &size);
if (!xs_is_null(s2)) {
xs *l1 = xs_split(s2, ":");
if (xs_list_len(l1) == 2) {
wrk = xs_dup(xs_list_get(l1, 1));
csec = wrk;
}
}
}
}
2023-04-08 08:04:40 +03:00
2024-03-12 09:03:44 +03:00
/* no code?
I'm not sure of the impacts of this right now, but Subway Tooter does not
provide a code so one must be generated */
2024-01-29 00:14:46 +03:00
if (xs_is_null(code)){
code = random_str();
}
2023-04-08 08:04:40 +03:00
if (gtype && code && cid && csec && ruri) {
2023-04-09 22:31:56 +03:00
xs *app = app_get(cid);
2023-04-08 08:04:40 +03:00
2023-04-09 22:31:56 +03:00
if (app == NULL) {
status = 401;
srv_log(xs_fmt("oauth token: invalid app %s", cid));
}
else
if (strcmp(csec, xs_dict_get(app, "client_secret")) != 0) {
status = 401;
srv_log(xs_fmt("oauth token: invalid client_secret for app %s", cid));
}
else {
xs *rsp = xs_dict_new();
xs *cat = xs_number_new(time(NULL));
xs *tokid = random_str();
2023-04-08 08:04:40 +03:00
2023-04-09 22:31:56 +03:00
rsp = xs_dict_append(rsp, "access_token", tokid);
rsp = xs_dict_append(rsp, "token_type", "Bearer");
rsp = xs_dict_append(rsp, "created_at", cat);
if (!xs_is_null(scope))
rsp = xs_dict_append(rsp, "scope", scope);
*body = xs_json_dumps(rsp, 4);
2023-04-09 22:31:56 +03:00
*ctype = "application/json";
status = 200;
const char *uid = xs_dict_get(app, "uid");
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth token: "
2023-04-09 22:31:56 +03:00
"successful login for %s, new token %s", uid, tokid));
xs *token = xs_dict_new();
token = xs_dict_append(token, "token", tokid);
token = xs_dict_append(token, "client_id", cid);
token = xs_dict_append(token, "client_secret", csec);
token = xs_dict_append(token, "uid", uid);
token = xs_dict_append(token, "code", code);
2023-04-09 21:34:05 +03:00
2023-04-09 22:31:56 +03:00
token_add(tokid, token);
}
2023-04-08 08:04:40 +03:00
}
2023-04-09 21:34:05 +03:00
else {
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth token: invalid or unset arguments"));
2023-04-08 08:04:40 +03:00
status = 400;
2023-04-09 21:34:05 +03:00
}
2023-04-08 08:04:40 +03:00
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/revoke") == 0) { /** **/
const char *cid = xs_dict_get(args, "client_id");
const char *csec = xs_dict_get(args, "client_secret");
const char *tokid = xs_dict_get(args, "token");
2023-04-09 22:31:56 +03:00
if (cid && csec && tokid) {
xs *token = token_get(tokid);
2023-04-08 10:09:43 +03:00
*body = xs_str_new("{}");
*ctype = "application/json";
2023-04-09 22:31:56 +03:00
if (token == NULL || strcmp(csec, xs_dict_get(token, "client_secret")) != 0) {
2023-04-13 10:59:00 +03:00
srv_debug(1, xs_fmt("oauth revoke: bad secret for token %s", tokid));
2023-04-09 22:31:56 +03:00
status = 403;
}
else {
token_del(tokid);
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth revoke: revoked token %s", tokid));
2023-04-09 22:31:56 +03:00
status = 200;
/* also delete the app, as it serves no purpose from now on */
app_del(cid);
2023-04-09 22:31:56 +03:00
}
}
else {
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("oauth revoke: invalid or unset arguments"));
2023-04-09 22:31:56 +03:00
status = 403;
2023-04-08 10:09:43 +03:00
}
2023-04-08 08:04:40 +03:00
}
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/x-snac-get-token") == 0) { /** **/
2023-05-04 12:52:04 +03:00
const char *login = xs_dict_get(args, "login");
const char *passwd = xs_dict_get(args, "passwd");
2024-04-18 18:13:31 +03:00
const char *host = xs_dict_get(srv_config, "host");
const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
2023-05-04 12:52:04 +03:00
/* by default, generate another login form with an error */
2024-04-18 18:13:31 +03:00
*body = xs_fmt(login_page, host, host, "LOGIN INCORRECT", proto, host, "oauth/x-snac-get-token",
2023-05-04 12:52:04 +03:00
"", "", "", USER_AGENT);
*ctype = "text/html";
status = 200;
if (login && passwd) {
snac user;
if (user_open(&user, login)) {
/* check the login + password */
if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) {
/* success! create a new token */
xs *tokid = random_str();
srv_debug(1, xs_fmt("x-snac-new-token: "
"successful login for %s, new token %s", login, tokid));
xs *token = xs_dict_new();
token = xs_dict_append(token, "token", tokid);
token = xs_dict_append(token, "client_id", "snac-client");
token = xs_dict_append(token, "client_secret", "");
token = xs_dict_append(token, "uid", login);
token = xs_dict_append(token, "code", "");
token_add(tokid, token);
*ctype = "text/plain";
xs_free(*body);
*body = xs_dup(tokid);
}
user_free(&user);
}
}
}
2023-04-08 08:04:40 +03:00
return status;
}
2023-04-08 07:09:05 +03:00
xs_str *mastoapi_id(const xs_dict *msg)
/* returns a somewhat Mastodon-compatible status id */
{
const char *id = xs_dict_get(msg, "id");
xs *md5 = xs_md5_hex(id, strlen(id));
return xs_fmt("%10.0f%s", object_ctime_by_md5(md5), md5);
}
#define MID_TO_MD5(id) (id + 10)
xs_dict *mastoapi_account(const xs_dict *actor)
/* converts an ActivityPub actor to a Mastodon account */
2023-04-11 10:50:12 +03:00
{
const char *id = xs_dict_get(actor, "id");
const char *pub = xs_dict_get(actor, "published");
if (xs_type(id) != XSTYPE_STRING)
return NULL;
2023-05-15 12:38:29 +03:00
const char *prefu = xs_dict_get(actor, "preferredUsername");
2023-04-11 10:50:12 +03:00
const char *display_name = xs_dict_get(actor, "name");
if (xs_is_null(display_name) || *display_name == '\0')
2023-05-15 12:38:29 +03:00
display_name = prefu;
2023-04-11 10:50:12 +03:00
xs_dict *acct = xs_dict_new();
xs *acct_md5 = xs_md5_hex(id, strlen(id));
2023-04-11 10:50:12 +03:00
acct = xs_dict_append(acct, "id", acct_md5);
2023-05-15 12:38:29 +03:00
acct = xs_dict_append(acct, "username", prefu);
2023-04-11 10:50:12 +03:00
acct = xs_dict_append(acct, "display_name", display_name);
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "discoverable", xs_stock(XSTYPE_TRUE));
acct = xs_dict_append(acct, "group", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "hide_collections", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "indexable", xs_stock(XSTYPE_TRUE));
acct = xs_dict_append(acct, "noindex", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "roles", xs_stock(XSTYPE_LIST));
2023-04-11 10:50:12 +03:00
{
/* create the acct field as user@host */
xs *l = xs_split(id, "/");
2023-05-15 12:38:29 +03:00
xs *fquid = xs_fmt("%s@%s", prefu, xs_list_get(l, 2));
acct = xs_dict_append(acct, "acct", fquid);
}
2023-04-11 10:50:12 +03:00
if (pub)
acct = xs_dict_append(acct, "created_at", pub);
else {
/* unset created_at crashes Tusky, so lie like a mf */
2023-05-29 10:07:27 +03:00
xs *date = xs_str_utctime(0, ISO_DATE_SPEC);
acct = xs_dict_append(acct, "created_at", date);
}
2023-04-11 10:50:12 +03:00
2024-04-27 09:02:47 +03:00
xs *last_status_at = xs_str_utctime(0, "%Y-%m-%d");
acct = xs_dict_append(acct, "last_status_at", last_status_at);
const char *note = xs_dict_get(actor, "summary");
if (xs_is_null(note))
note = "";
if (strcmp(xs_dict_get(actor, "type"), "Service") == 0)
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "bot", xs_stock(XSTYPE_TRUE));
else
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "bot", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "note", note);
2023-04-24 18:37:59 +03:00
acct = xs_dict_append(acct, "url", id);
acct = xs_dict_append(acct, "uri", id);
2023-04-11 10:50:12 +03:00
xs *avatar = NULL;
2024-05-21 15:12:15 +03:00
const xs_dict *av = xs_dict_get(actor, "icon");
2023-04-11 10:50:12 +03:00
2023-10-16 19:40:43 +03:00
if (xs_type(av) == XSTYPE_DICT) {
2024-05-21 15:12:15 +03:00
const char *url = xs_dict_get(av, "url");
2023-10-16 19:40:43 +03:00
if (url != NULL)
avatar = xs_dup(url);
}
if (avatar == NULL)
2023-04-11 10:50:12 +03:00
avatar = xs_fmt("%s/susie.png", srv_baseurl);
acct = xs_dict_append(acct, "avatar", avatar);
acct = xs_dict_append(acct, "avatar_static", avatar);
xs *header = NULL;
2024-05-21 15:12:15 +03:00
const xs_dict *hd = xs_dict_get(actor, "image");
if (xs_type(hd) == XSTYPE_DICT)
header = xs_dup(xs_dict_get(hd, "url"));
if (xs_is_null(header))
header = xs_fmt("%s/header.png", srv_baseurl);
acct = xs_dict_append(acct, "header", header);
acct = xs_dict_append(acct, "header_static", header);
2023-04-11 10:50:12 +03:00
2023-04-24 18:37:59 +03:00
/* emojis */
2024-05-21 15:12:15 +03:00
const xs_list *p;
2023-04-24 18:37:59 +03:00
if (!xs_is_null(p = xs_dict_get(actor, "tag"))) {
xs *eml = xs_list_new();
xs_dict *v;
2024-05-21 15:12:15 +03:00
int c = 0;
2023-04-24 18:37:59 +03:00
2024-05-21 15:12:15 +03:00
while (xs_list_next(p, &v, &c)) {
2023-04-24 18:37:59 +03:00
const char *type = xs_dict_get(v, "type");
if (!xs_is_null(type) && strcmp(type, "Emoji") == 0) {
const char *name = xs_dict_get(v, "name");
const xs_dict *icon = xs_dict_get(v, "icon");
if (!xs_is_null(name) && !xs_is_null(icon)) {
const char *url = xs_dict_get(icon, "url");
if (!xs_is_null(url)) {
xs *nm = xs_strip_chars_i(xs_dup(name), ":");
xs *d1 = xs_dict_new();
d1 = xs_dict_append(d1, "shortcode", nm);
d1 = xs_dict_append(d1, "url", url);
d1 = xs_dict_append(d1, "static_url", url);
2024-03-15 06:10:11 +03:00
d1 = xs_dict_append(d1, "visible_in_picker", xs_stock(XSTYPE_TRUE));
2023-04-24 18:37:59 +03:00
eml = xs_list_append(eml, d1);
}
}
}
}
acct = xs_dict_append(acct, "emojis", eml);
}
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "locked", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "followers_count", xs_stock(0));
acct = xs_dict_append(acct, "following_count", xs_stock(0));
acct = xs_dict_append(acct, "statuses_count", xs_stock(0));
xs *fields = xs_list_new();
p = xs_dict_get(actor, "attachment");
xs_dict *v;
/* dict of validated links */
xs_dict *val_links = NULL;
2024-05-21 15:12:15 +03:00
const xs_dict *metadata = xs_stock(XSTYPE_DICT);
snac user = {0};
if (xs_startswith(id, srv_baseurl)) {
/* if it's a local user, open it and pick its validated links */
if (user_open(&user, prefu)) {
val_links = user.links;
2024-03-15 06:10:11 +03:00
metadata = xs_dict_get_def(user.config, "metadata", xs_stock(XSTYPE_DICT));
}
}
if (xs_is_null(val_links))
2024-03-15 06:10:11 +03:00
val_links = xs_stock(XSTYPE_DICT);
2024-05-21 15:12:15 +03:00
int c = 0;
while (xs_list_next(p, &v, &c)) {
const char *type = xs_dict_get(v, "type");
const char *name = xs_dict_get(v, "name");
const char *value = xs_dict_get(v, "value");
if (!xs_is_null(type) && !xs_is_null(name) &&
!xs_is_null(value) && strcmp(type, "PropertyValue") == 0) {
xs *val_date = NULL;
2024-05-21 15:12:15 +03:00
const char *url = xs_dict_get(metadata, name);
if (!xs_is_null(url) && xs_startswith(url, "https:/" "/")) {
2024-05-21 15:12:15 +03:00
const xs_number *verified_time = xs_dict_get(val_links, url);
if (xs_type(verified_time) == XSTYPE_NUMBER) {
time_t t = xs_number_get(verified_time);
if (t > 0)
val_date = xs_str_utctime(t, ISO_DATE_SPEC);
}
}
xs *d = xs_dict_new();
d = xs_dict_append(d, "name", name);
d = xs_dict_append(d, "value", value);
d = xs_dict_append(d, "verified_at",
xs_type(val_date) == XSTYPE_STRING && *val_date ?
2024-03-15 06:10:11 +03:00
val_date : xs_stock(XSTYPE_NULL));
fields = xs_list_append(fields, d);
}
}
user_free(&user);
acct = xs_dict_append(acct, "fields", fields);
return acct;
}
2024-05-21 15:12:15 +03:00
xs_str *mastoapi_date(const char *date)
/* converts an ISO 8601 date to whatever format Mastodon uses */
{
xs_str *s = xs_crop_i(xs_dup(date), 0, 19);
s = xs_str_cat(s, ".000Z");
return s;
}
2023-05-31 19:35:50 +03:00
xs_dict *mastoapi_poll(snac *snac, const xs_dict *msg)
/* creates a mastoapi Poll object */
{
2023-06-01 09:13:58 +03:00
xs_dict *poll = xs_dict_new();
xs *mid = mastoapi_id(msg);
2024-05-21 15:12:15 +03:00
const xs_list *opts = NULL;
2023-06-01 09:13:58 +03:00
xs_val *v;
int num_votes = 0;
xs *options = xs_list_new();
poll = xs_dict_append(poll, "id", mid);
2024-05-21 15:12:15 +03:00
const char *date = xs_dict_get(msg, "endTime");
2024-05-06 06:54:46 +03:00
if (date == NULL)
date = xs_dict_get(msg, "closed");
if (date == NULL)
return NULL;
xs *fd = mastoapi_date(date);
poll = xs_dict_append(poll, "expires_at", fd);
2024-05-06 06:54:46 +03:00
date = xs_dict_get(msg, "closed");
time_t t = 0;
if (date != NULL)
t = xs_parse_iso_date(date, 0);
poll = xs_dict_append(poll, "expired",
2024-05-06 06:54:46 +03:00
t < time(NULL) ? xs_stock(XSTYPE_FALSE) : xs_stock(XSTYPE_TRUE));
2023-06-01 09:13:58 +03:00
if ((opts = xs_dict_get(msg, "oneOf")) != NULL)
2024-03-15 06:10:11 +03:00
poll = xs_dict_append(poll, "multiple", xs_stock(XSTYPE_FALSE));
2023-06-01 09:13:58 +03:00
else {
opts = xs_dict_get(msg, "anyOf");
2024-03-15 06:10:11 +03:00
poll = xs_dict_append(poll, "multiple", xs_stock(XSTYPE_TRUE));
2023-06-01 09:13:58 +03:00
}
2023-05-31 19:35:50 +03:00
2024-05-21 15:12:15 +03:00
int c = 0;
while (xs_list_next(opts, &v, &c)) {
2023-06-01 09:13:58 +03:00
const char *title = xs_dict_get(v, "name");
const char *replies = xs_dict_get(v, "replies");
2023-05-31 19:35:50 +03:00
2023-06-01 09:13:58 +03:00
if (title && replies) {
const char *votes_count = xs_dict_get(replies, "totalItems");
2023-05-31 19:35:50 +03:00
2023-06-01 09:13:58 +03:00
if (xs_type(votes_count) == XSTYPE_NUMBER) {
xs *d = xs_dict_new();
d = xs_dict_append(d, "title", title);
d = xs_dict_append(d, "votes_count", votes_count);
2023-05-31 19:35:50 +03:00
2023-06-01 09:13:58 +03:00
options = xs_list_append(options, d);
num_votes += xs_number_get(votes_count);
2023-05-31 19:35:50 +03:00
}
}
2023-06-01 09:13:58 +03:00
}
2023-05-31 19:35:50 +03:00
2023-06-01 09:13:58 +03:00
poll = xs_dict_append(poll, "options", options);
xs *vc = xs_number_new(num_votes);
poll = xs_dict_append(poll, "votes_count", vc);
2023-05-31 19:35:50 +03:00
2023-06-01 09:13:58 +03:00
poll = xs_dict_append(poll, "voted",
(snac && was_question_voted(snac, xs_dict_get(msg, "id"))) ?
2024-03-15 06:10:11 +03:00
xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-05-31 19:35:50 +03:00
return poll;
}
xs_dict *mastoapi_status(snac *snac, const xs_dict *msg)
/* converts an ActivityPub note to a Mastodon status */
{
xs *actor = NULL;
actor_get_refresh(snac, get_atto(msg), &actor);
/* if the author is not here, discard */
if (actor == NULL)
return NULL;
2023-06-01 09:13:58 +03:00
const char *type = xs_dict_get(msg, "type");
const char *id = xs_dict_get(msg, "id");
/* fail if it's not a valid actor */
if (xs_is_null(type) || xs_is_null(id))
return NULL;
xs *acct = mastoapi_account(actor);
if (acct == NULL)
return NULL;
2023-04-11 10:50:12 +03:00
xs *idx = NULL;
xs *ixc = NULL;
2024-05-21 15:12:15 +03:00
const char *tmp;
xs *mid = mastoapi_id(msg);
2023-04-11 10:50:12 +03:00
xs_dict *st = xs_dict_new();
st = xs_dict_append(st, "id", mid);
st = xs_dict_append(st, "uri", id);
st = xs_dict_append(st, "url", id);
st = xs_dict_append(st, "account", acct);
xs *fd = mastoapi_date(xs_dict_get(msg, "published"));
st = xs_dict_append(st, "created_at", fd);
{
const char *content = xs_dict_get(msg, "content");
const char *name = xs_dict_get(msg, "name");
xs *s1 = NULL;
if (name && content)
s1 = xs_fmt("%s<br><br>%s", name, content);
else
if (name)
s1 = xs_dup(name);
else
if (content)
s1 = xs_dup(content);
else
s1 = xs_str_new(NULL);
st = xs_dict_append(st, "content", s1);
}
2023-04-11 10:50:12 +03:00
st = xs_dict_append(st, "visibility",
is_msg_public(msg) ? "public" : "private");
2023-04-11 10:50:12 +03:00
tmp = xs_dict_get(msg, "sensitive");
if (xs_is_null(tmp))
2024-03-15 06:10:11 +03:00
tmp = xs_stock(XSTYPE_FALSE);
2023-04-11 10:50:12 +03:00
st = xs_dict_append(st, "sensitive", tmp);
tmp = xs_dict_get(msg, "summary");
if (xs_is_null(tmp))
tmp = "";
st = xs_dict_append(st, "spoiler_text", tmp);
/* create the list of attachments */
xs *attach = get_attachments(msg);
{
xs_list *p = attach;
xs_dict *v;
xs *matt = xs_list_new();
while (xs_list_iter(&p, &v)) {
2024-05-21 15:12:15 +03:00
const char *type = xs_dict_get(v, "type");
const char *href = xs_dict_get(v, "href");
const char *name = xs_dict_get(v, "name");
if (xs_match(type, "image/*|video/*|Image|Video")) { /* */
2023-04-26 22:07:00 +03:00
xs *matteid = xs_fmt("%s_%d", id, xs_list_len(matt));
2023-04-11 10:50:12 +03:00
xs *d = xs_dict_new();
d = xs_dict_append(d, "id", matteid);
d = xs_dict_append(d, "url", href);
d = xs_dict_append(d, "preview_url", href);
d = xs_dict_append(d, "remote_url", href);
d = xs_dict_append(d, "description", name);
d = xs_dict_append(d, "type", (*type == 'v' || *type == 'V') ? "video" : "image");
2023-04-11 10:50:12 +03:00
matt = xs_list_append(matt, d);
2023-04-26 22:07:00 +03:00
}
2023-04-11 10:50:12 +03:00
}
st = xs_dict_append(st, "media_attachments", matt);
}
2023-04-11 10:50:12 +03:00
2023-04-24 18:05:34 +03:00
{
xs *ml = xs_list_new();
xs *htl = xs_list_new();
xs *eml = xs_list_new();
2024-05-21 15:12:15 +03:00
const xs_list *tag = xs_dict_get(msg, "tag");
2023-04-24 18:05:34 +03:00
int n = 0;
xs *tag_list = NULL;
if (xs_type(tag) == XSTYPE_DICT) {
tag_list = xs_list_new();
tag_list = xs_list_append(tag_list, tag);
}
else
if (xs_type(tag) == XSTYPE_LIST)
tag_list = xs_dup(tag);
else
tag_list = xs_list_new();
tag = tag_list;
xs_dict *v;
2024-05-21 15:12:15 +03:00
int c = 0;
while (xs_list_next(tag, &v, &c)) {
2023-04-24 18:05:34 +03:00
const char *type = xs_dict_get(v, "type");
if (xs_is_null(type))
continue;
xs *d1 = xs_dict_new();
if (strcmp(type, "Mention") == 0) {
const char *name = xs_dict_get(v, "name");
const char *href = xs_dict_get(v, "href");
if (!xs_is_null(name) && !xs_is_null(href) &&
(snac == NULL || strcmp(href, snac->actor) != 0)) {
2023-04-24 18:05:34 +03:00
xs *nm = xs_strip_chars_i(xs_dup(name), "@");
xs *id = xs_fmt("%d", n++);
d1 = xs_dict_append(d1, "id", id);
d1 = xs_dict_append(d1, "username", nm);
d1 = xs_dict_append(d1, "acct", nm);
d1 = xs_dict_append(d1, "url", href);
ml = xs_list_append(ml, d1);
}
}
else
if (strcmp(type, "Hashtag") == 0) {
const char *name = xs_dict_get(v, "name");
const char *href = xs_dict_get(v, "href");
if (!xs_is_null(name) && !xs_is_null(href)) {
xs *nm = xs_strip_chars_i(xs_dup(name), "#");
d1 = xs_dict_append(d1, "name", nm);
d1 = xs_dict_append(d1, "url", href);
htl = xs_list_append(htl, d1);
}
}
2023-04-24 18:25:32 +03:00
else
if (strcmp(type, "Emoji") == 0) {
const char *name = xs_dict_get(v, "name");
const xs_dict *icon = xs_dict_get(v, "icon");
if (!xs_is_null(name) && !xs_is_null(icon)) {
const char *url = xs_dict_get(icon, "url");
if (!xs_is_null(url)) {
xs *nm = xs_strip_chars_i(xs_dup(name), ":");
d1 = xs_dict_append(d1, "shortcode", nm);
d1 = xs_dict_append(d1, "url", url);
d1 = xs_dict_append(d1, "static_url", url);
2024-03-15 06:10:11 +03:00
d1 = xs_dict_append(d1, "visible_in_picker", xs_stock(XSTYPE_TRUE));
2023-04-24 18:25:32 +03:00
d1 = xs_dict_append(d1, "category", "Emojis");
eml = xs_list_append(eml, d1);
}
}
}
2023-04-24 18:05:34 +03:00
}
st = xs_dict_append(st, "mentions", ml);
st = xs_dict_append(st, "tags", htl);
st = xs_dict_append(st, "emojis", eml);
}
2023-04-11 10:50:12 +03:00
xs_free(idx);
xs_free(ixc);
idx = object_likes(id);
ixc = xs_number_new(xs_list_len(idx));
st = xs_dict_append(st, "favourites_count", ixc);
st = xs_dict_append(st, "favourited",
2024-03-15 06:10:11 +03:00
(snac && xs_list_in(idx, snac->md5) != -1) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-04-11 10:50:12 +03:00
xs_free(idx);
xs_free(ixc);
idx = object_announces(id);
ixc = xs_number_new(xs_list_len(idx));
st = xs_dict_append(st, "reblogs_count", ixc);
st = xs_dict_append(st, "reblogged",
2024-03-15 06:10:11 +03:00
(snac && xs_list_in(idx, snac->md5) != -1) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-04-11 10:50:12 +03:00
/* get the last person who boosted this */
xs *boosted_by_md5 = NULL;
if (xs_list_len(idx))
boosted_by_md5 = xs_dup(xs_list_get(idx, -1));
2023-04-11 10:50:12 +03:00
xs_free(idx);
xs_free(ixc);
idx = object_children(id);
ixc = xs_number_new(xs_list_len(idx));
st = xs_dict_append(st, "replies_count", ixc);
/* default in_reply_to values */
2024-03-15 06:10:11 +03:00
st = xs_dict_append(st, "in_reply_to_id", xs_stock(XSTYPE_NULL));
st = xs_dict_append(st, "in_reply_to_account_id", xs_stock(XSTYPE_NULL));
2023-04-11 10:50:12 +03:00
tmp = xs_dict_get(msg, "inReplyTo");
if (!xs_is_null(tmp)) {
xs *irto = NULL;
if (valid_status(object_get(tmp, &irto))) {
xs *irt_mid = mastoapi_id(irto);
st = xs_dict_set(st, "in_reply_to_id", irt_mid);
2024-05-21 15:12:15 +03:00
const char *at = NULL;
if (!xs_is_null(at = get_atto(irto))) {
2023-04-11 10:50:12 +03:00
xs *at_md5 = xs_md5_hex(at, strlen(at));
st = xs_dict_set(st, "in_reply_to_account_id", at_md5);
}
}
}
2024-03-15 06:10:11 +03:00
st = xs_dict_append(st, "reblog", xs_stock(XSTYPE_NULL));
st = xs_dict_append(st, "card", xs_stock(XSTYPE_NULL));
2024-04-27 09:02:47 +03:00
st = xs_dict_append(st, "language", "en");
st = xs_dict_append(st, "filtered", xs_stock(XSTYPE_LIST));
st = xs_dict_append(st, "muted", xs_stock(XSTYPE_FALSE));
2023-04-11 10:50:12 +03:00
tmp = xs_dict_get(msg, "sourceContent");
if (xs_is_null(tmp))
tmp = "";
st = xs_dict_append(st, "text", tmp);
tmp = xs_dict_get(msg, "updated");
xs *fd2 = NULL;
2023-04-11 10:50:12 +03:00
if (xs_is_null(tmp))
2024-03-15 06:10:11 +03:00
tmp = xs_stock(XSTYPE_NULL);
else {
fd2 = mastoapi_date(tmp);
tmp = fd2;
}
2023-04-11 10:50:12 +03:00
st = xs_dict_append(st, "edited_at", tmp);
2023-04-11 10:50:12 +03:00
2023-06-01 09:13:58 +03:00
if (strcmp(type, "Question") == 0) {
xs *poll = mastoapi_poll(snac, msg);
2023-05-31 11:49:08 +03:00
st = xs_dict_append(st, "poll", poll);
2023-06-01 09:13:58 +03:00
}
else
2024-03-15 06:10:11 +03:00
st = xs_dict_append(st, "poll", xs_stock(XSTYPE_NULL));
2024-03-15 06:10:11 +03:00
st = xs_dict_append(st, "bookmarked", xs_stock(XSTYPE_FALSE));
st = xs_dict_append(st, "pinned",
2024-03-15 06:10:11 +03:00
(snac && is_pinned(snac, id)) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-05-31 11:49:08 +03:00
/* is it a boost? */
if (!xs_is_null(boosted_by_md5)) {
/* create a new dummy status, using st as the 'reblog' field */
2023-10-13 10:29:55 +03:00
xs_dict *bst = xs_dup(st);
xs *b_actor = NULL;
if (valid_status(object_get_by_md5(boosted_by_md5, &b_actor))) {
xs *b_acct = mastoapi_account(b_actor);
2023-10-13 10:14:11 +03:00
xs *fake_uri = NULL;
if (snac)
fake_uri = xs_fmt("%s/d/%s/Announce", snac->actor, mid);
else
fake_uri = xs_fmt("%s#%s", srv_baseurl, mid);
2023-10-13 10:29:55 +03:00
bst = xs_dict_set(bst, "uri", fake_uri);
bst = xs_dict_set(bst, "url", fake_uri);
bst = xs_dict_set(bst, "account", b_acct);
bst = xs_dict_set(bst, "content", "");
bst = xs_dict_set(bst, "reblog", st);
xs_free(st);
st = bst;
}
}
2023-04-11 10:50:12 +03:00
return st;
}
2023-04-23 09:44:26 +03:00
xs_dict *mastoapi_relationship(snac *snac, const char *md5)
{
xs_dict *rel = NULL;
xs *actor_o = NULL;
if (valid_status(object_get_by_md5(md5, &actor_o))) {
rel = xs_dict_new();
const char *actor = xs_dict_get(actor_o, "id");
rel = xs_dict_append(rel, "id", md5);
rel = xs_dict_append(rel, "following",
2024-03-15 06:10:11 +03:00
following_check(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-04-23 09:44:26 +03:00
2024-03-15 06:10:11 +03:00
rel = xs_dict_append(rel, "showing_reblogs", xs_stock(XSTYPE_TRUE));
rel = xs_dict_append(rel, "notifying", xs_stock(XSTYPE_FALSE));
2023-04-23 09:44:26 +03:00
rel = xs_dict_append(rel, "followed_by",
2024-03-15 06:10:11 +03:00
follower_check(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-04-23 09:44:26 +03:00
rel = xs_dict_append(rel, "blocking",
2024-03-15 06:10:11 +03:00
is_muted(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
2023-04-23 09:44:26 +03:00
2024-03-15 06:10:11 +03:00
rel = xs_dict_append(rel, "muting", xs_stock(XSTYPE_FALSE));
rel = xs_dict_append(rel, "muting_notifications", xs_stock(XSTYPE_FALSE));
rel = xs_dict_append(rel, "requested", xs_stock(XSTYPE_FALSE));
rel = xs_dict_append(rel, "domain_blocking", xs_stock(XSTYPE_FALSE));
rel = xs_dict_append(rel, "endorsed", xs_stock(XSTYPE_FALSE));
2023-04-23 09:44:26 +03:00
rel = xs_dict_append(rel, "note", "");
}
return rel;
}
2023-04-11 22:07:47 +03:00
int process_auth_token(snac *snac, const xs_dict *req)
/* processes an authorization token, if there is one */
2023-04-09 21:34:05 +03:00
{
2023-04-09 22:31:56 +03:00
int logged_in = 0;
2024-05-21 15:12:15 +03:00
const char *v;
2023-04-09 22:31:56 +03:00
/* if there is an authorization field, try to validate it */
if (!xs_is_null(v = xs_dict_get(req, "authorization")) && xs_startswith(v, "Bearer ")) {
2023-05-02 07:49:00 +03:00
xs *tokid = xs_replace_n(v, "Bearer ", "", 1);
2023-04-09 22:31:56 +03:00
xs *token = token_get(tokid);
if (token != NULL) {
const char *uid = xs_dict_get(token, "uid");
2023-04-11 22:07:47 +03:00
if (!xs_is_null(uid) && user_open(snac, uid)) {
2023-04-09 22:31:56 +03:00
logged_in = 1;
/* this counts as a 'login' */
lastlog_write(snac, "mastoapi");
2023-11-08 20:15:51 +03:00
srv_debug(2, xs_fmt("mastoapi auth: valid token for user '%s'", uid));
2023-04-09 22:31:56 +03:00
}
else
2023-11-08 20:15:51 +03:00
srv_log(xs_fmt("mastoapi auth: corrupted token '%s'", tokid));
2023-04-09 22:31:56 +03:00
}
else
2023-11-08 20:15:51 +03:00
srv_log(xs_fmt("mastoapi auth: invalid token '%s'", tokid));
2023-04-09 22:31:56 +03:00
}
2023-04-09 21:34:05 +03:00
2023-04-11 22:07:47 +03:00
return logged_in;
}
int mastoapi_get_handler(const xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype)
{
2023-05-04 10:28:36 +03:00
(void)b_size;
2023-04-16 09:13:45 +03:00
if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
2023-04-11 22:07:47 +03:00
return 0;
int status = 404;
2024-05-21 15:12:15 +03:00
const xs_dict *args = xs_dict_get(req, "q_vars");
2023-05-02 07:49:00 +03:00
xs *cmd = xs_replace_n(q_path, "/api", "", 1);
2023-04-11 22:07:47 +03:00
2023-04-12 19:44:15 +03:00
snac snac1 = {0};
int logged_in = process_auth_token(&snac1, req);
2023-04-11 22:07:47 +03:00
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/accounts/verify_credentials") == 0) { /** **/
2023-04-09 22:31:56 +03:00
if (logged_in) {
2023-04-10 01:08:51 +03:00
xs *acct = xs_dict_new();
2023-04-09 22:31:56 +03:00
acct = xs_dict_append(acct, "id", snac1.md5);
2023-04-12 19:44:15 +03:00
acct = xs_dict_append(acct, "username", xs_dict_get(snac1.config, "uid"));
acct = xs_dict_append(acct, "acct", xs_dict_get(snac1.config, "uid"));
acct = xs_dict_append(acct, "display_name", xs_dict_get(snac1.config, "name"));
acct = xs_dict_append(acct, "created_at", xs_dict_get(snac1.config, "published"));
acct = xs_dict_append(acct, "last_status_at", xs_dict_get(snac1.config, "published"));
2023-04-12 19:44:15 +03:00
acct = xs_dict_append(acct, "note", xs_dict_get(snac1.config, "bio"));
acct = xs_dict_append(acct, "url", snac1.actor);
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "locked", xs_stock(XSTYPE_FALSE));
acct = xs_dict_append(acct, "bot", xs_dict_get(snac1.config, "bot"));
2023-04-09 23:10:49 +03:00
xs *src = xs_json_loads("{\"privacy\":\"public\","
"\"sensitive\":false,\"fields\":[],\"note\":\"\"}");
acct = xs_dict_append(acct, "source", src);
2023-04-10 01:08:51 +03:00
xs *avatar = NULL;
2024-05-21 15:12:15 +03:00
const char *av = xs_dict_get(snac1.config, "avatar");
2023-04-09 23:10:49 +03:00
2023-04-10 01:08:51 +03:00
if (xs_is_null(av) || *av == '\0')
2023-04-09 23:10:49 +03:00
avatar = xs_fmt("%s/susie.png", srv_baseurl);
2023-04-10 01:08:51 +03:00
else
avatar = xs_dup(av);
2023-04-09 23:10:49 +03:00
acct = xs_dict_append(acct, "avatar", avatar);
acct = xs_dict_append(acct, "avatar_static", avatar);
2023-04-09 22:31:56 +03:00
xs *header = NULL;
2024-05-21 15:12:15 +03:00
const char *hd = xs_dict_get(snac1.config, "header");
if (!xs_is_null(hd))
header = xs_dup(hd);
else
header = xs_fmt("%s/header.png", srv_baseurl);
acct = xs_dict_append(acct, "header", header);
acct = xs_dict_append(acct, "header_static", header);
2024-05-21 15:12:15 +03:00
const xs_dict *metadata = xs_dict_get(snac1.config, "metadata");
if (xs_type(metadata) == XSTYPE_DICT) {
xs *fields = xs_list_new();
xs_str *k;
xs_str *v;
xs_dict *val_links = snac1.links;
if (xs_is_null(val_links))
2024-03-15 06:10:11 +03:00
val_links = xs_stock(XSTYPE_DICT);
int c = 0;
while (xs_dict_next(metadata, &k, &v, &c)) {
xs *val_date = NULL;
2024-05-21 15:12:15 +03:00
const xs_number *verified_time = xs_dict_get(val_links, v);
if (xs_type(verified_time) == XSTYPE_NUMBER) {
time_t t = xs_number_get(verified_time);
if (t > 0)
val_date = xs_str_utctime(t, ISO_DATE_SPEC);
}
xs *d = xs_dict_new();
d = xs_dict_append(d, "name", k);
d = xs_dict_append(d, "value", v);
d = xs_dict_append(d, "verified_at",
xs_type(val_date) == XSTYPE_STRING && *val_date ?
2024-03-15 06:10:11 +03:00
val_date : xs_stock(XSTYPE_NULL));
fields = xs_list_append(fields, d);
}
acct = xs_dict_set(acct, "fields", fields);
}
2024-03-15 06:10:11 +03:00
acct = xs_dict_append(acct, "followers_count", xs_stock(0));
acct = xs_dict_append(acct, "following_count", xs_stock(0));
acct = xs_dict_append(acct, "statuses_count", xs_stock(0));
*body = xs_json_dumps(acct, 4);
2023-04-09 22:31:56 +03:00
*ctype = "application/json";
status = 200;
}
else {
status = 422; // "Unprocessable entity" (no login)
}
2023-04-09 21:34:05 +03:00
}
2023-04-10 01:08:51 +03:00
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/accounts/relationships") == 0) { /** **/
2023-04-12 21:25:41 +03:00
/* find if an account is followed, blocked, etc. */
/* the account to get relationships about is in args "id[]" */
if (logged_in) {
xs *res = xs_list_new();
const char *md5 = xs_dict_get(args, "id[]");
2023-08-13 14:00:36 +03:00
if (xs_is_null(md5))
md5 = xs_dict_get(args, "id");
2023-04-23 09:44:26 +03:00
if (!xs_is_null(md5)) {
if (xs_type(md5) == XSTYPE_LIST)
md5 = xs_list_get(md5, 0);
2023-04-23 09:44:26 +03:00
xs *rel = mastoapi_relationship(&snac1, md5);
2023-04-23 09:44:26 +03:00
if (rel != NULL)
res = xs_list_append(res, rel);
}
*body = xs_json_dumps(res, 4);
*ctype = "application/json";
status = 200;
}
else
status = 422;
2023-04-12 21:25:41 +03:00
}
else
if (strcmp(cmd, "/v1/accounts/lookup") == 0) { /** **/
/* lookup an account */
2024-05-21 15:12:15 +03:00
const char *acct = xs_dict_get(args, "acct");
if (!xs_is_null(acct)) {
xs *s = xs_strip_chars_i(xs_dup(acct), "@");
xs *l = xs_split_n(s, "@", 1);
2024-05-21 15:12:15 +03:00
const char *uid = xs_list_get(l, 0);
const char *host = xs_list_get(l, 1);
if (uid && (!host || strcmp(host, xs_dict_get(srv_config, "host")) == 0)) {
snac user;
if (user_open(&user, uid)) {
xs *actor = msg_actor(&user);
xs *macct = mastoapi_account(actor);
*body = xs_json_dumps(macct, 4);
*ctype = "application/json";
status = 200;
user_free(&user);
}
}
}
}
else
2023-05-12 13:29:24 +03:00
if (xs_startswith(cmd, "/v1/accounts/")) { /** **/
2023-04-12 19:54:20 +03:00
/* account-related information */
2023-04-12 19:44:15 +03:00
xs *l = xs_split(cmd, "/");
const char *uid = xs_list_get(l, 3);
const char *opt = xs_list_get(l, 4);
2023-04-12 19:44:15 +03:00
if (uid != NULL) {
snac snac2;
xs *out = NULL;
xs *actor = NULL;
2023-05-15 12:15:28 +03:00
if (logged_in && strcmp(uid, "search") == 0) { /** **/
/* search for accounts starting with q */
const char *aq = xs_dict_get(args, "q");
2023-05-15 12:15:28 +03:00
if (!xs_is_null(aq)) {
xs *q = xs_tolower_i(xs_dup(aq));
2023-05-15 12:15:28 +03:00
out = xs_list_new();
xs *wing = following_list(&snac1);
xs *wers = follower_list(&snac1);
xs *ulst = user_list();
2023-05-15 12:15:28 +03:00
xs_list *p;
xs_str *v;
2023-05-15 12:23:36 +03:00
xs_set seen;
xs_set_init(&seen);
2023-05-15 12:15:28 +03:00
/* user relations */
2023-05-15 12:15:28 +03:00
xs_list *lsts[] = { wing, wers, NULL };
int n;
for (n = 0; (p = lsts[n]) != NULL; n++) {
while (xs_list_iter(&p, &v)) {
2023-05-15 12:23:36 +03:00
/* already seen? skip */
if (xs_set_add(&seen, v) == 0)
continue;
2023-05-15 12:15:28 +03:00
xs *actor = NULL;
if (valid_status(object_get(v, &actor))) {
const char *uname = xs_dict_get(actor, "preferredUsername");
if (!xs_is_null(uname)) {
xs *luname = xs_tolower_i(xs_dup(uname));
2023-05-15 12:15:28 +03:00
if (xs_startswith(luname, q)) {
xs *acct = mastoapi_account(actor);
out = xs_list_append(out, acct);
}
2023-05-15 12:15:28 +03:00
}
}
}
}
2023-05-15 12:23:36 +03:00
/* local users */
p = ulst;
while (xs_list_iter(&p, &v)) {
snac user;
/* skip this same user */
if (strcmp(v, xs_dict_get(snac1.config, "uid")) == 0)
continue;
/* skip if the uid does not start with the query */
xs *v2 = xs_tolower_i(xs_dup(v));
if (!xs_startswith(v2, q))
continue;
if (user_open(&user, v)) {
/* if it's not already seen, add it */
if (xs_set_add(&seen, user.actor) == 1) {
xs *actor = msg_actor(&user);
xs *acct = mastoapi_account(actor);
out = xs_list_append(out, acct);
}
user_free(&user);
}
}
2023-05-15 12:23:36 +03:00
xs_set_free(&seen);
2023-05-15 12:15:28 +03:00
}
}
else
/* is it a local user? */
2023-04-16 08:43:41 +03:00
if (user_open(&snac2, uid) || user_open_by_md5(&snac2, uid)) {
if (opt == NULL) {
/* account information */
actor = msg_actor(&snac2);
out = mastoapi_account(actor);
}
else
2023-05-15 12:15:28 +03:00
if (strcmp(opt, "statuses") == 0) { /** **/
/* the public list of posts of a user */
xs *timeline = timeline_simple_list(&snac2, "public", 0, 256);
xs_list *p = timeline;
xs_str *v;
2023-04-12 19:44:15 +03:00
out = xs_list_new();
2023-04-12 19:54:20 +03:00
while (xs_list_iter(&p, &v)) {
xs *msg = NULL;
2023-04-12 19:44:15 +03:00
if (valid_status(timeline_get_by_md5(&snac2, v, &msg))) {
/* add only posts by the author */
if (strcmp(xs_dict_get(msg, "type"), "Note") == 0 &&
xs_startswith(xs_dict_get(msg, "id"), snac2.actor)) {
xs *st = mastoapi_status(&snac2, msg);
2023-04-12 19:44:15 +03:00
2023-08-10 20:37:33 +03:00
if (st)
out = xs_list_append(out, st);
}
2023-04-12 19:44:15 +03:00
}
}
}
user_free(&snac2);
}
else {
/* try the uid as the md5 of a possibly loaded actor */
if (logged_in && valid_status(object_get_by_md5(uid, &actor))) {
if (opt == NULL) {
/* account information */
out = mastoapi_account(actor);
}
else
if (strcmp(opt, "statuses") == 0) {
/* we don't serve statuses of others; return the empty list */
out = xs_list_new();
}
}
2023-04-12 19:54:20 +03:00
}
2023-04-12 19:44:15 +03:00
2023-04-12 19:54:20 +03:00
if (out != NULL) {
*body = xs_json_dumps(out, 4);
2023-04-12 19:44:15 +03:00
*ctype = "application/json";
status = 200;
}
}
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/timelines/home") == 0) { /** **/
2023-04-10 01:08:51 +03:00
/* the private timeline */
if (logged_in) {
const char *max_id = xs_dict_get(args, "max_id");
2023-04-10 11:23:14 +03:00
const char *since_id = xs_dict_get(args, "since_id");
const char *min_id = xs_dict_get(args, "min_id");
2023-04-10 01:08:51 +03:00
const char *limit_s = xs_dict_get(args, "limit");
2023-04-10 12:30:00 +03:00
int limit = 0;
int cnt = 0;
2023-04-10 01:08:51 +03:00
if (!xs_is_null(limit_s))
limit = atoi(limit_s);
2023-04-10 12:30:00 +03:00
if (limit == 0)
limit = 20;
xs *timeline = timeline_simple_list(&snac1, "private", 0, 2048);
2023-04-10 09:52:04 +03:00
xs *out = xs_list_new();
xs_list *p = timeline;
2023-04-10 01:08:51 +03:00
xs_str *v;
while (xs_list_iter(&p, &v) && cnt < limit) {
xs *msg = NULL;
/* only return entries older that max_id */
if (max_id) {
2023-06-10 09:35:16 +03:00
if (strcmp(v, MID_TO_MD5(max_id)) == 0)
max_id = NULL;
continue;
}
2023-04-10 01:08:51 +03:00
2023-04-10 11:23:14 +03:00
/* only returns entries newer than since_id */
if (since_id) {
2023-06-10 09:35:16 +03:00
if (strcmp(v, MID_TO_MD5(since_id)) == 0)
2023-04-10 11:23:14 +03:00
break;
}
/* only returns entries newer than min_id */
/* what does really "Return results immediately newer than ID" mean? */
if (min_id) {
2023-06-10 09:35:16 +03:00
if (strcmp(v, MID_TO_MD5(min_id)) == 0)
break;
}
2023-04-10 01:08:51 +03:00
/* get the entry */
2023-04-12 19:44:15 +03:00
if (!valid_status(timeline_get_by_md5(&snac1, v, &msg)))
2023-04-10 01:08:51 +03:00
continue;
2023-04-10 11:23:14 +03:00
/* discard non-Notes */
const char *id = xs_dict_get(msg, "id");
2023-05-31 11:49:08 +03:00
const char *type = xs_dict_get(msg, "type");
2024-05-11 19:46:15 +03:00
if (!xs_match(type, POSTLIKE_OBJECT_TYPE))
2023-04-10 01:08:51 +03:00
continue;
2024-01-29 00:04:11 +03:00
const char *from = NULL;
if (strcmp(type, "Page") == 0)
from = xs_dict_get(msg, "audience");
if (from == NULL)
from = get_atto(msg);
if (from == NULL)
continue;
/* is this message from a person we don't follow? */
if (strcmp(from, snac1.actor) && !following_check(&snac1, from)) {
/* discard if it was not boosted */
xs *idx = object_announces(id);
if (xs_list_len(idx) == 0)
continue;
}
2023-04-27 09:35:23 +03:00
/* discard notes from muted morons */
if (is_muted(&snac1, from))
continue;
2023-04-27 09:35:23 +03:00
/* discard hidden notes */
if (is_hidden(&snac1, id))
2023-04-27 09:35:23 +03:00
continue;
/* if it has a name and it's not a Page or a Video,
it's a poll vote, so discard it */
if (!xs_is_null(xs_dict_get(msg, "name")) && !xs_match(type, "Page|Video"))
continue;
2023-04-11 10:50:12 +03:00
/* convert the Note into a Mastodon status */
2023-04-12 19:44:15 +03:00
xs *st = mastoapi_status(&snac1, msg);
2023-04-10 01:08:51 +03:00
2023-04-11 10:50:12 +03:00
if (st != NULL)
out = xs_list_append(out, st);
2023-04-10 01:08:51 +03:00
cnt++;
}
*body = xs_json_dumps(out, 4);
2023-04-10 01:08:51 +03:00
*ctype = "application/json";
status = 200;
2023-04-10 12:30:00 +03:00
2023-04-13 10:59:00 +03:00
srv_debug(2, xs_fmt("mastoapi timeline: returned %d entries", xs_list_len(out)));
2023-04-10 01:08:51 +03:00
}
else {
status = 401; // unauthorized
}
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/timelines/public") == 0) { /** **/
2023-04-30 08:00:49 +03:00
/* the instance public timeline (public timelines for all users) */
2023-04-30 07:39:55 +03:00
const char *limit_s = xs_dict_get(args, "limit");
2023-04-23 10:41:43 +03:00
int limit = 0;
int cnt = 0;
if (!xs_is_null(limit_s))
limit = atoi(limit_s);
if (limit == 0)
limit = 20;
2023-04-30 07:39:55 +03:00
xs *timeline = timeline_instance_list(0, limit);
xs *out = xs_list_new();
xs_list *p = timeline;
xs_str *md5;
2023-04-23 10:41:43 +03:00
snac *user = NULL;
if (logged_in)
user = &snac1;
while (xs_list_iter(&p, &md5) && cnt < limit) {
2023-04-30 07:39:55 +03:00
xs *msg = NULL;
2023-04-23 10:41:43 +03:00
2023-04-30 07:39:55 +03:00
/* get the entry */
if (!valid_status(object_get_by_md5(md5, &msg)))
continue;
2023-04-23 10:41:43 +03:00
2023-04-30 07:39:55 +03:00
/* discard non-Notes */
2023-05-31 11:49:08 +03:00
const char *type = xs_dict_get(msg, "type");
if (strcmp(type, "Note") != 0 && strcmp(type, "Question") != 0)
2023-04-30 07:39:55 +03:00
continue;
2023-04-23 10:41:43 +03:00
/* discard messages from private users */
if (is_msg_from_private_user(msg))
continue;
2023-04-30 08:00:49 +03:00
/* convert the Note into a Mastodon status */
xs *st = mastoapi_status(user, msg);
2023-04-23 10:41:43 +03:00
2023-04-30 08:00:49 +03:00
if (st != NULL) {
out = xs_list_append(out, st);
2023-04-30 07:39:55 +03:00
cnt++;
2023-04-23 10:41:43 +03:00
}
}
*body = xs_json_dumps(out, 4);
2023-04-11 21:10:24 +03:00
*ctype = "application/json";
status = 200;
}
else
if (xs_startswith(cmd, "/v1/timelines/tag/")) { /** **/
const char *limit_s = xs_dict_get(args, "limit");
int limit = 0;
int cnt = 0;
if (!xs_is_null(limit_s))
limit = atoi(limit_s);
if (limit == 0)
limit = 20;
/* get the tag */
xs *l = xs_split(cmd, "/");
2024-05-21 15:12:15 +03:00
const char *tag = xs_list_get(l, -1);
xs *timeline = tag_search(tag, 0, limit);
xs *out = xs_list_new();
xs_list *p = timeline;
xs_str *md5;
while (xs_list_iter(&p, &md5) && cnt < limit) {
xs *msg = NULL;
/* get the entry */
if (!valid_status(object_get_by_md5(md5, &msg)))
continue;
/* skip non-public messages */
if (!is_msg_public(msg))
continue;
/* discard messages from private users */
if (is_msg_from_private_user(msg))
continue;
/* convert the Note into a Mastodon status */
xs *st = mastoapi_status(NULL, msg);
if (st != NULL) {
out = xs_list_append(out, st);
cnt++;
}
}
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
else
2024-04-29 11:15:04 +03:00
if (xs_startswith(cmd, "/v1/timelines/list/")) { /** **/
/* get the list id */
if (logged_in) {
xs *l = xs_split(cmd, "/");
2024-05-21 15:12:15 +03:00
const char *list = xs_list_get(l, -1);
2024-04-29 11:15:04 +03:00
xs *timeline = list_timeline(&snac1, list, 0, 2048);
2024-04-29 11:15:04 +03:00
xs *out = xs_list_new();
int c = 0;
char *md5;
while (xs_list_next(timeline, &md5, &c)) {
xs *msg = NULL;
/* get the entry */
if (!valid_status(timeline_get_by_md5(&snac1, md5, &msg)))
continue;
/* discard non-Notes */
const char *id = xs_dict_get(msg, "id");
const char *type = xs_dict_get(msg, "type");
2024-05-11 19:46:15 +03:00
if (!xs_match(type, POSTLIKE_OBJECT_TYPE))
2024-04-29 11:15:04 +03:00
continue;
const char *from = NULL;
if (strcmp(type, "Page") == 0)
from = xs_dict_get(msg, "audience");
if (from == NULL)
from = get_atto(msg);
if (from == NULL)
continue;
/* is this message from a person we don't follow? */
if (strcmp(from, snac1.actor) && !following_check(&snac1, from)) {
/* discard if it was not boosted */
xs *idx = object_announces(id);
if (xs_list_len(idx) == 0)
continue;
}
/* discard notes from muted morons */
if (is_muted(&snac1, from))
continue;
/* discard hidden notes */
if (is_hidden(&snac1, id))
continue;
/* if it has a name and it's not a Page or a Video,
it's a poll vote, so discard it */
if (!xs_is_null(xs_dict_get(msg, "name")) && !xs_match(type, "Page|Video"))
continue;
/* convert the Note into a Mastodon status */
xs *st = mastoapi_status(&snac1, msg);
if (st != NULL)
out = xs_list_append(out, st);
}
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
else
status = 421;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/conversations") == 0) { /** **/
2023-04-11 21:10:24 +03:00
/* TBD */
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/notifications") == 0) { /** **/
if (logged_in) {
xs *l = notify_list(&snac1, 0, 64);
2023-04-13 18:56:00 +03:00
xs *out = xs_list_new();
xs_list *p = l;
xs_dict *v;
2024-05-21 15:12:15 +03:00
const xs_list *excl = xs_dict_get(args, "exclude_types[]");
2023-04-13 18:56:00 +03:00
while (xs_list_iter(&p, &v)) {
2023-04-14 09:37:33 +03:00
xs *noti = notify_get(&snac1, v);
if (noti == NULL)
continue;
const char *type = xs_dict_get(noti, "type");
const char *utype = xs_dict_get(noti, "utype");
2023-04-14 09:37:33 +03:00
const char *objid = xs_dict_get(noti, "objid");
2023-04-13 18:56:00 +03:00
xs *actor = NULL;
xs *entry = NULL;
if (!valid_status(actor_get(xs_dict_get(noti, "actor"), &actor)))
2023-04-13 18:56:00 +03:00
continue;
2023-04-13 18:56:00 +03:00
if (objid != NULL && !valid_status(object_get(objid, &entry)))
continue;
2023-04-14 13:23:32 +03:00
if (is_hidden(&snac1, objid))
continue;
2023-04-13 18:56:00 +03:00
/* convert the type */
if (strcmp(type, "Like") == 0)
type = "favourite";
else
if (strcmp(type, "Announce") == 0)
type = "reblog";
else
if (strcmp(type, "Follow") == 0)
type = "follow";
else
if (strcmp(type, "Create") == 0)
type = "mention";
else
if (strcmp(type, "Update") == 0 && strcmp(utype, "Question") == 0)
type = "poll";
2023-04-13 18:56:00 +03:00
else
continue;
/* excluded type? */
if (!xs_is_null(excl) && xs_list_in(excl, type) != -1)
continue;
2023-04-13 18:56:00 +03:00
xs *mn = xs_dict_new();
mn = xs_dict_append(mn, "type", type);
2023-04-14 09:37:33 +03:00
xs *id = xs_replace(xs_dict_get(noti, "id"), ".", "");
2023-04-13 18:56:00 +03:00
mn = xs_dict_append(mn, "id", id);
2023-04-14 09:37:33 +03:00
mn = xs_dict_append(mn, "created_at", xs_dict_get(noti, "date"));
2023-04-13 18:56:00 +03:00
xs *acct = mastoapi_account(actor);
mn = xs_dict_append(mn, "account", acct);
2023-04-14 09:37:33 +03:00
if (strcmp(type, "follow") != 0 && !xs_is_null(objid)) {
2023-04-13 18:56:00 +03:00
xs *st = mastoapi_status(&snac1, entry);
2023-08-10 20:37:33 +03:00
if (st)
mn = xs_dict_append(mn, "status", st);
2023-04-13 18:56:00 +03:00
}
out = xs_list_append(out, mn);
}
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
else
status = 401;
2023-04-11 21:10:24 +03:00
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/filters") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* snac will never have filters */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2024-01-28 23:55:43 +03:00
if (strcmp(cmd, "/v2/filters") == 0) { /** **/
/* snac will never have filters
2024-03-12 09:03:44 +03:00
* but still, without a v2 endpoint a short delay is introduced
* in some apps */
2024-01-28 23:55:43 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/favourites") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* snac will never support a list of favourites */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/bookmarks") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* snac does not support bookmarks */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2024-04-29 10:26:37 +03:00
if (strcmp(cmd, "/v1/lists") == 0) { /** list of lists **/
2024-04-29 08:43:01 +03:00
if (logged_in) {
xs *lol = list_maint(&snac1, NULL, 0);
xs *l = xs_list_new();
int c = 0;
xs_list *li;
while (xs_list_next(lol, &li, &c)) {
xs *d = xs_dict_new();
d = xs_dict_append(d, "id", xs_list_get(li, 0));
d = xs_dict_append(d, "title", xs_list_get(li, 1));
d = xs_dict_append(d, "replies_policy", "list");
d = xs_dict_append(d, "exclusive", xs_stock(XSTYPE_FALSE));
l = xs_list_append(l, d);
}
*body = xs_json_dumps(l, 4);
*ctype = "application/json";
status = 200;
}
2023-04-11 21:10:24 +03:00
}
else
2024-04-29 10:26:37 +03:00
if (xs_startswith(cmd, "/v1/lists/")) { /** list information **/
if (logged_in) {
xs *l = xs_split(cmd, "/");
2024-05-21 15:12:15 +03:00
const char *p = xs_list_get(l, -1);
2024-04-29 10:26:37 +03:00
2024-04-29 11:48:48 +03:00
if (p) {
if (strcmp(p, "accounts") == 0) {
p = xs_list_get(l, -2);
if (p && xs_is_hex(p)) {
xs *actors = list_content(&snac1, p, NULL, 0);
xs *out = xs_list_new();
int c = 0;
char *v;
while (xs_list_next(actors, &v, &c)) {
xs *actor = NULL;
if (valid_status(object_get_by_md5(v, &actor))) {
xs *acct = mastoapi_account(actor);
out = xs_list_append(out, acct);
}
}
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
}
else
if (xs_is_hex(p)) {
2024-04-29 10:26:37 +03:00
xs *out = xs_list_new();
2024-04-29 11:48:48 +03:00
xs *lol = list_maint(&snac1, NULL, 0);
2024-04-29 10:26:37 +03:00
int c = 0;
2024-04-29 11:48:48 +03:00
xs_list *v;
while (xs_list_next(lol, &v, &c)) {
2024-05-21 15:12:15 +03:00
const char *id = xs_list_get(v, 0);
2024-04-29 11:48:48 +03:00
if (id && strcmp(id, p) == 0) {
xs *d = xs_dict_new();
2024-04-29 10:26:37 +03:00
2024-04-29 11:48:48 +03:00
d = xs_dict_append(d, "id", p);
d = xs_dict_append(d, "title", xs_list_get(v, 1));
d = xs_dict_append(d, "replies_policy", "list");
d = xs_dict_append(d, "exclusive", xs_stock(XSTYPE_FALSE));
2024-04-29 10:26:37 +03:00
2024-04-29 11:48:48 +03:00
out = xs_list_append(out, d);
break;
2024-04-29 10:26:37 +03:00
}
}
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
}
}
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/scheduled_statuses") == 0) { /** **/
/* snac does not schedule notes */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/follow_requests") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* snac does not support optional follow confirmations */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/announcements") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* snac has no announcements (yet?) */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/custom_emojis") == 0) { /** **/
2023-04-11 21:16:12 +03:00
/* are you kidding me? */
2023-04-11 21:10:24 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
status = 200;
2023-04-10 01:08:51 +03:00
}
2023-04-10 17:08:26 +03:00
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/instance") == 0) { /** **/
2023-04-10 17:08:26 +03:00
/* returns an instance object */
xs *ins = xs_dict_new();
const char *host = xs_dict_get(srv_config, "host");
const char *title = xs_dict_get(srv_config, "title");
const char *sdesc = xs_dict_get(srv_config, "short_description");
2023-04-10 17:08:26 +03:00
ins = xs_dict_append(ins, "uri", host);
2023-04-10 17:08:26 +03:00
ins = xs_dict_append(ins, "domain", host);
ins = xs_dict_append(ins, "title", title && *title ? title : host);
2023-04-10 17:08:26 +03:00
ins = xs_dict_append(ins, "version", "4.0.0 (not true; really " USER_AGENT ")");
ins = xs_dict_append(ins, "source_url", WHAT_IS_SNAC_URL);
2023-04-10 17:08:26 +03:00
ins = xs_dict_append(ins, "description", host);
ins = xs_dict_append(ins, "short_description", sdesc && *sdesc ? sdesc : host);
2023-04-10 17:08:26 +03:00
xs *susie = xs_fmt("%s/susie.png", srv_baseurl);
ins = xs_dict_append(ins, "thumbnail", susie);
2023-04-10 17:08:26 +03:00
const char *v = xs_dict_get(srv_config, "admin_email");
if (xs_is_null(v) || *v == '\0')
v = "admin@localhost";
ins = xs_dict_append(ins, "email", v);
2023-04-10 17:08:26 +03:00
2024-03-15 06:10:11 +03:00
ins = xs_dict_append(ins, "rules", xs_stock(XSTYPE_LIST));
2023-08-13 13:09:35 +03:00
xs *l1 = xs_list_append(xs_list_new(), "en");
2023-04-10 17:08:26 +03:00
ins = xs_dict_append(ins, "languages", l1);
xs *wss = xs_fmt("wss:/" "/%s", xs_dict_get(srv_config, "host"));
xs *urls = xs_dict_new();
urls = xs_dict_append(urls, "streaming_api", wss);
ins = xs_dict_append(ins, "urls", urls);
2024-03-15 06:10:11 +03:00
xs *d2 = xs_dict_append(xs_dict_new(), "user_count", xs_stock(0));
d2 = xs_dict_append(d2, "status_count", xs_stock(0));
d2 = xs_dict_append(d2, "domain_count", xs_stock(0));
2023-08-12 19:42:11 +03:00
ins = xs_dict_append(ins, "stats", d2);
2024-03-15 06:10:11 +03:00
ins = xs_dict_append(ins, "registrations", xs_stock(XSTYPE_FALSE));
ins = xs_dict_append(ins, "approval_required", xs_stock(XSTYPE_FALSE));
ins = xs_dict_append(ins, "invites_enabled", xs_stock(XSTYPE_FALSE));
xs *cfg = xs_dict_new();
{
2023-08-12 19:38:55 +03:00
xs *d11 = xs_json_loads("{\"characters_reserved_per_url\":32,"
"\"max_characters\":100000,\"max_media_attachments\":8}");
cfg = xs_dict_append(cfg, "statuses", d11);
2023-08-12 19:38:55 +03:00
xs *d12 = xs_json_loads("{\"max_featured_tags\":10}");
cfg = xs_dict_append(cfg, "accounts", d12);
xs *d13 = xs_json_loads("{\"image_matrix_limit\":33177600,"
"\"image_size_limit\":16777216,"
"\"video_frame_rate_limit\":120,"
"\"video_matrix_limit\":8294400,"
"\"video_size_limit\":103809024}"
);
{
/* get the supported mime types from the internal list */
const char **p = xs_mime_types;
xs_set mtypes;
xs_set_init(&mtypes);
while (*p) {
const char *type = p[1];
if (xs_startswith(type, "image/") ||
xs_startswith(type, "video/") ||
xs_startswith(type, "audio/"))
xs_set_add(&mtypes, type);
p += 2;
}
xs *l = xs_set_result(&mtypes);
d13 = xs_dict_append(d13, "supported_mime_types", l);
}
2023-08-12 19:38:55 +03:00
cfg = xs_dict_append(cfg, "media_attachments", d13);
xs *d14 = xs_json_loads("{\"max_characters_per_option\":50,"
"\"max_expiration\":2629746,"
"\"max_options\":8,\"min_expiration\":300}");
cfg = xs_dict_append(cfg, "polls", d14);
}
ins = xs_dict_append(ins, "configuration", cfg);
const char *admin_account = xs_dict_get(srv_config, "admin_account");
if (!xs_is_null(admin_account) && *admin_account) {
snac admin;
if (user_open(&admin, admin_account)) {
xs *actor = msg_actor(&admin);
xs *acct = mastoapi_account(actor);
ins = xs_dict_append(ins, "contact_account", acct);
user_free(&admin);
}
}
*body = xs_json_dumps(ins, 4);
2023-04-10 17:08:26 +03:00
*ctype = "application/json";
status = 200;
}
2023-04-11 12:00:06 +03:00
else
2023-05-12 13:29:24 +03:00
if (xs_startswith(cmd, "/v1/statuses/")) { /** **/
/* information about a status */
if (logged_in) {
xs *l = xs_split(cmd, "/");
const char *id = xs_list_get(l, 3);
const char *op = xs_list_get(l, 4);
2023-04-11 12:00:06 +03:00
if (!xs_is_null(id)) {
xs *msg = NULL;
xs *out = NULL;
2023-04-11 12:00:06 +03:00
/* skip the 'fake' part of the id */
id = MID_TO_MD5(id);
2023-04-11 12:00:06 +03:00
if (valid_status(object_get_by_md5(id, &msg))) {
if (op == NULL) {
if (!is_muted(&snac1, get_atto(msg))) {
/* return the status itself */
out = mastoapi_status(&snac1, msg);
}
}
else
if (strcmp(op, "context") == 0) { /** **/
/* return ancestors and children */
xs *anc = xs_list_new();
xs *des = xs_list_new();
xs_list *p;
xs_str *v;
char pid[64];
/* build the [grand]parent list, moving up */
strncpy(pid, id, sizeof(pid));
while (object_parent(pid, pid, sizeof(pid))) {
xs *m2 = NULL;
if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {
xs *st = mastoapi_status(&snac1, m2);
2023-08-10 20:37:33 +03:00
if (st)
anc = xs_list_insert(anc, 0, st);
}
else
break;
}
/* build the children list */
xs *children = object_children(xs_dict_get(msg, "id"));
p = children;
while (xs_list_iter(&p, &v)) {
xs *m2 = NULL;
if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {
if (xs_is_null(xs_dict_get(m2, "name"))) {
xs *st = mastoapi_status(&snac1, m2);
2023-08-10 20:37:33 +03:00
if (st)
des = xs_list_append(des, st);
}
}
}
out = xs_dict_new();
out = xs_dict_append(out, "ancestors", anc);
out = xs_dict_append(out, "descendants", des);
}
else
if (strcmp(op, "reblogged_by") == 0 || /** **/
strcmp(op, "favourited_by") == 0) { /** **/
/* return the list of people who liked or boosted this */
out = xs_list_new();
xs *l = NULL;
if (op[0] == 'r')
l = object_announces(xs_dict_get(msg, "id"));
else
l = object_likes(xs_dict_get(msg, "id"));
xs_list *p = l;
xs_str *v;
while (xs_list_iter(&p, &v)) {
xs *actor2 = NULL;
if (valid_status(object_get_by_md5(v, &actor2))) {
xs *acct2 = mastoapi_account(actor2);
out = xs_list_append(out, acct2);
}
}
}
else
if (strcmp(op, "source") == 0) { /** **/
out = xs_dict_new();
/* get the mastoapi status id */
out = xs_dict_append(out, "id", xs_list_get(l, 3));
out = xs_dict_append(out, "text", xs_dict_get(msg, "sourceContent"));
out = xs_dict_append(out, "spoiler_text", xs_dict_get(msg, "summary"));
}
2023-04-11 12:00:06 +03:00
}
else
srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
2023-04-11 12:00:06 +03:00
if (out != NULL) {
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
2023-04-11 12:00:06 +03:00
}
}
else
status = 401;
2023-04-11 12:00:06 +03:00
}
2023-04-13 07:38:05 +03:00
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/preferences") == 0) { /** **/
2023-04-15 17:40:48 +03:00
*body = xs_dup("{}");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/markers") == 0) { /** **/
2023-04-15 17:40:48 +03:00
*body = xs_dup("{}");
*ctype = "application/json";
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/followed_tags") == 0) { /** **/
2023-04-15 17:40:48 +03:00
*body = xs_dup("[]");
*ctype = "application/json";
2023-04-13 07:38:05 +03:00
status = 200;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v2/search") == 0) { /** **/
if (logged_in) {
const char *q = xs_dict_get(args, "q");
const char *type = xs_dict_get(args, "type");
const char *offset = xs_dict_get(args, "offset");
xs *acl = xs_list_new();
xs *stl = xs_list_new();
xs *htl = xs_list_new();
xs *res = xs_dict_new();
if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
/* reply something only for offset 0; otherwise,
apps like Tusky keep asking again and again */
2024-05-09 10:09:22 +03:00
if (!xs_is_null(q)) {
if (xs_is_null(type) || strcmp(type, "accounts") == 0) {
2024-03-02 07:56:02 +03:00
/* do a webfinger query */
char *actor = NULL;
char *user = NULL;
2024-03-02 07:56:02 +03:00
if (valid_status(webfinger_request(q, &actor, &user)) && actor) {
xs *actor_o = NULL;
2024-03-02 07:56:02 +03:00
if (valid_status(actor_request(&snac1, actor, &actor_o))) {
xs *acct = mastoapi_account(actor_o);
2024-03-02 07:56:02 +03:00
acl = xs_list_append(acl, acct);
}
}
}
2024-05-09 10:09:22 +03:00
if (xs_is_null(type) || strcmp(type, "hashtags") == 0) {
2024-03-02 07:56:02 +03:00
/* search this tag */
xs *tl = tag_search((char *)q, 0, 1);
if (xs_list_len(tl)) {
xs *d = xs_dict_new();
d = xs_dict_append(d, "name", q);
xs *url = xs_fmt("%s?t=%s", srv_baseurl, q);
d = xs_dict_append(d, "url", url);
2024-03-15 06:10:11 +03:00
d = xs_dict_append(d, "history", xs_stock(XSTYPE_LIST));
2024-03-02 07:56:02 +03:00
htl = xs_list_append(htl, d);
}
}
2024-05-09 10:09:22 +03:00
if (xs_is_null(type) || strcmp(type, "statuses") == 0) {
int to = 0;
int cnt = 40;
xs *tl = content_search(&snac1, q, 1, 0, cnt, 0, &to);
2024-05-09 10:09:22 +03:00
int c = 0;
char *v;
while (xs_list_next(tl, &v, &c) && --cnt) {
2024-05-09 10:09:22 +03:00
xs *post = NULL;
if (!valid_status(timeline_get_by_md5(&snac1, v, &post)))
continue;
xs *s = mastoapi_status(&snac1, post);
if (!xs_is_null(s))
stl = xs_list_append(stl, s);
2024-05-09 10:09:22 +03:00
}
}
}
}
res = xs_dict_append(res, "accounts", acl);
res = xs_dict_append(res, "statuses", stl);
res = xs_dict_append(res, "hashtags", htl);
*body = xs_json_dumps(res, 4);
*ctype = "application/json";
status = 200;
}
else
status = 401;
}
2023-04-09 21:34:05 +03:00
2023-04-09 22:31:56 +03:00
/* user cleanup */
if (logged_in)
2023-04-12 19:44:15 +03:00
user_free(&snac1);
2023-04-09 22:31:56 +03:00
srv_debug(1, xs_fmt("mastoapi_get_handler %s %d", q_path, status));
2023-04-09 21:34:05 +03:00
return status;
}
2023-04-08 10:09:43 +03:00
int mastoapi_post_handler(const xs_dict *req, const char *q_path,
2023-04-09 21:34:05 +03:00
const char *payload, int p_size,
char **body, int *b_size, char **ctype)
2023-04-08 08:04:40 +03:00
{
2023-05-04 10:28:36 +03:00
(void)p_size;
(void)b_size;
2023-04-16 09:13:45 +03:00
if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
2023-04-08 07:09:05 +03:00
return 0;
2023-04-08 08:04:40 +03:00
int status = 404;
2023-04-11 22:07:47 +03:00
xs *args = NULL;
2024-05-21 15:12:15 +03:00
const char *i_ctype = xs_dict_get(req, "content-type");
2023-04-08 08:04:40 +03:00
if (i_ctype && xs_startswith(i_ctype, "application/json")) {
if (!xs_is_null(payload))
args = xs_json_loads(payload);
}
2024-01-28 23:55:43 +03:00
else if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded"))
{
2024-03-12 09:03:44 +03:00
// Some apps send form data instead of json so we should cater for those
2024-01-29 00:07:31 +03:00
if (!xs_is_null(payload)) {
2024-01-28 23:55:43 +03:00
xs *upl = xs_url_dec(payload);
args = xs_url_vars(upl);
2024-01-29 00:07:31 +03:00
}
2024-01-28 23:55:43 +03:00
}
2023-04-08 08:04:40 +03:00
else
2023-04-11 22:07:47 +03:00
args = xs_dup(xs_dict_get(req, "p_vars"));
2023-04-08 08:04:40 +03:00
2023-04-11 22:07:47 +03:00
if (args == NULL)
2023-04-08 08:04:40 +03:00
return 400;
2023-05-02 07:49:00 +03:00
xs *cmd = xs_replace_n(q_path, "/api", "", 1);
2023-04-08 08:04:40 +03:00
2023-04-11 22:07:47 +03:00
snac snac = {0};
int logged_in = process_auth_token(&snac, req);
2023-04-11 22:07:47 +03:00
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/apps") == 0) { /** **/
2023-04-11 22:07:47 +03:00
const char *name = xs_dict_get(args, "client_name");
const char *ruri = xs_dict_get(args, "redirect_uris");
const char *scope = xs_dict_get(args, "scope");
2023-04-09 23:10:49 +03:00
if (xs_type(ruri) == XSTYPE_LIST)
ruri = xs_dict_get(ruri, 0);
2023-04-08 08:04:40 +03:00
if (name && ruri) {
2023-04-08 10:09:43 +03:00
xs *app = xs_dict_new();
xs *id = xs_replace_i(tid(0), ".", "");
xs *csec = random_str();
xs *vkey = random_str();
xs *cid = NULL;
/* pick a non-existent random cid */
for (;;) {
cid = random_str();
xs *p_app = app_get(cid);
if (p_app == NULL)
break;
xs_free(cid);
}
2023-04-08 10:09:43 +03:00
app = xs_dict_append(app, "name", name);
app = xs_dict_append(app, "redirect_uri", ruri);
app = xs_dict_append(app, "client_id", cid);
app = xs_dict_append(app, "client_secret", csec);
app = xs_dict_append(app, "vapid_key", vkey);
app = xs_dict_append(app, "id", id);
2023-04-08 08:04:40 +03:00
*body = xs_json_dumps(app, 4);
2023-04-08 08:04:40 +03:00
*ctype = "application/json";
status = 200;
2023-04-08 11:29:33 +03:00
app = xs_dict_append(app, "code", "");
2023-04-09 23:10:49 +03:00
if (scope)
app = xs_dict_append(app, "scope", scope);
2023-04-08 11:29:33 +03:00
app_add(cid, app);
2023-04-09 23:10:49 +03:00
2023-05-04 12:53:17 +03:00
srv_debug(1, xs_fmt("mastoapi apps: new app %s", cid));
2023-04-08 08:04:40 +03:00
}
}
2023-04-11 22:07:47 +03:00
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/statuses") == 0) { /** **/
2023-04-11 22:07:47 +03:00
if (logged_in) {
/* post a new Note */
const char *content = xs_dict_get(args, "status");
const char *mid = xs_dict_get(args, "in_reply_to_id");
const char *visibility = xs_dict_get(args, "visibility");
const char *summary = xs_dict_get(args, "spoiler_text");
const char *media_ids = xs_dict_get(args, "media_ids");
if (xs_is_null(media_ids))
media_ids = xs_dict_get(args, "media_ids[]");
2023-08-13 14:00:36 +03:00
if (xs_is_null(media_ids))
media_ids = xs_dict_get(args, "media_ids");
if (xs_is_null(visibility))
visibility = "public";
xs *attach_list = xs_list_new();
xs *irt = NULL;
/* is it a reply? */
if (mid != NULL) {
xs *r_msg = NULL;
const char *md5 = MID_TO_MD5(mid);
if (valid_status(object_get_by_md5(md5, &r_msg)))
irt = xs_dup(xs_dict_get(r_msg, "id"));
}
/* does it have attachments? */
if (!xs_is_null(media_ids)) {
xs *mi = NULL;
if (xs_type(media_ids) == XSTYPE_LIST)
mi = xs_dup(media_ids);
else {
mi = xs_list_new();
mi = xs_list_append(mi, media_ids);
}
xs_list *p = mi;
xs_str *v;
while (xs_list_iter(&p, &v)) {
xs *l = xs_list_new();
xs *url = xs_fmt("%s/s/%s", snac.actor, v);
xs *desc = static_get_meta(&snac, v);
l = xs_list_append(l, url);
l = xs_list_append(l, desc);
attach_list = xs_list_append(attach_list, l);
}
}
/* prepare the message */
xs *msg = msg_note(&snac, content, NULL, irt, attach_list,
strcmp(visibility, "public") == 0 ? 0 : 1);
if (!xs_is_null(summary) && *summary) {
2024-03-15 06:10:11 +03:00
msg = xs_dict_set(msg, "sensitive", xs_stock(XSTYPE_TRUE));
msg = xs_dict_set(msg, "summary", summary);
}
/* store */
timeline_add(&snac, xs_dict_get(msg, "id"), msg);
/* 'Create' message */
xs *c_msg = msg_create(&snac, msg);
enqueue_message(&snac, c_msg);
timeline_touch(&snac);
/* convert to a mastodon status as a response code */
xs *st = mastoapi_status(&snac, msg);
*body = xs_json_dumps(st, 4);
*ctype = "application/json";
status = 200;
2023-04-11 22:07:47 +03:00
}
else
status = 401;
}
else
2023-05-12 13:29:24 +03:00
if (xs_startswith(cmd, "/v1/statuses")) { /** **/
2023-04-11 22:07:47 +03:00
if (logged_in) {
/* operations on a status */
xs *l = xs_split(cmd, "/");
const char *mid = xs_list_get(l, 3);
const char *op = xs_list_get(l, 4);
2023-04-11 22:07:47 +03:00
if (!xs_is_null(mid)) {
xs *msg = NULL;
xs *out = NULL;
/* skip the 'fake' part of the id */
mid = MID_TO_MD5(mid);
2023-04-11 22:07:47 +03:00
if (valid_status(timeline_get_by_md5(&snac, mid, &msg))) {
2024-05-21 15:12:15 +03:00
const char *id = xs_dict_get(msg, "id");
2023-04-11 22:07:47 +03:00
if (op == NULL) {
/* no operation (?) */
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "favourite") == 0) { /** **/
2023-04-11 22:07:47 +03:00
xs *n_msg = msg_admiration(&snac, id, "Like");
if (n_msg != NULL) {
enqueue_message(&snac, n_msg);
timeline_admire(&snac, xs_dict_get(n_msg, "object"), snac.actor, 1);
out = mastoapi_status(&snac, msg);
}
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "unfavourite") == 0) { /** **/
xs *n_msg = msg_repulsion(&snac, id, "Like");
if (n_msg != NULL) {
enqueue_message(&snac, n_msg);
out = mastoapi_status(&snac, msg);
}
2023-04-11 22:07:47 +03:00
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "reblog") == 0) { /** **/
2023-04-11 22:07:47 +03:00
xs *n_msg = msg_admiration(&snac, id, "Announce");
if (n_msg != NULL) {
enqueue_message(&snac, n_msg);
timeline_admire(&snac, xs_dict_get(n_msg, "object"), snac.actor, 0);
out = mastoapi_status(&snac, msg);
}
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "unreblog") == 0) { /** **/
xs *n_msg = msg_repulsion(&snac, id, "Announce");
if (n_msg != NULL) {
enqueue_message(&snac, n_msg);
out = mastoapi_status(&snac, msg);
}
2023-04-11 22:07:47 +03:00
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "bookmark") == 0) { /** **/
2023-04-11 22:07:47 +03:00
/* snac does not support bookmarks */
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "unbookmark") == 0) { /** **/
2023-04-11 22:07:47 +03:00
/* snac does not support bookmarks */
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "pin") == 0) { /** **/
/* pin this message */
if (pin(&snac, id))
out = mastoapi_status(&snac, msg);
else
status = 422;
2023-04-11 22:07:47 +03:00
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "unpin") == 0) { /** **/
/* unpin this message */
unpin(&snac, id);
out = mastoapi_status(&snac, msg);
2023-04-11 22:07:47 +03:00
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "mute") == 0) { /** **/
2023-04-11 22:07:47 +03:00
/* Mastodon's mute is snac's hide */
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(op, "unmute") == 0) { /** **/
2023-04-11 22:07:47 +03:00
/* Mastodon's unmute is snac's unhide */
}
}
if (out != NULL) {
*body = xs_json_dumps(out, 4);
2023-04-11 22:07:47 +03:00
*ctype = "application/json";
status = 200;
}
}
}
else
status = 401;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/notifications/clear") == 0) { /** **/
if (logged_in) {
notify_clear(&snac);
timeline_touch(&snac);
*body = xs_dup("{}");
*ctype = "application/json";
status = 200;
}
else
status = 401;
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/push/subscription") == 0) { /** **/
/* I don't know what I'm doing */
if (logged_in) {
2024-05-21 15:12:15 +03:00
const char *v;
xs *wpush = xs_dict_new();
wpush = xs_dict_append(wpush, "id", "1");
v = xs_dict_get(args, "data");
v = xs_dict_get(v, "alerts");
wpush = xs_dict_append(wpush, "alerts", v);
v = xs_dict_get(args, "subscription");
v = xs_dict_get(v, "endpoint");
wpush = xs_dict_append(wpush, "endpoint", v);
xs *server_key = random_str();
wpush = xs_dict_append(wpush, "server_key", server_key);
*body = xs_json_dumps(wpush, 4);
*ctype = "application/json";
status = 200;
}
else
status = 401;
2023-04-16 09:13:45 +03:00
}
else
2023-05-12 13:29:24 +03:00
if (strcmp(cmd, "/v1/media") == 0 || strcmp(cmd, "/v2/media") == 0) { /** **/
2023-04-16 09:13:45 +03:00
if (logged_in) {
const xs_list *file = xs_dict_get(args, "file");
const char *desc = xs_dict_get(args, "description");
if (xs_is_null(desc))
desc = "";
status = 400;
if (xs_type(file) == XSTYPE_LIST) {
const char *fn = xs_list_get(file, 0);
if (*fn != '\0') {
char *ext = strrchr(fn, '.');
xs *hash = xs_md5_hex(fn, strlen(fn));
xs *id = xs_fmt("%s%s", hash, ext);
xs *url = xs_fmt("%s/s/%s", snac.actor, id);
int fo = xs_number_get(xs_list_get(file, 1));
int fs = xs_number_get(xs_list_get(file, 2));
/* store */
static_put(&snac, id, payload + fo, fs);
static_put_meta(&snac, id, desc);
/* prepare a response */
xs *rsp = xs_dict_new();
rsp = xs_dict_append(rsp, "id", id);
rsp = xs_dict_append(rsp, "type", "image");
rsp = xs_dict_append(rsp, "url", url);
rsp = xs_dict_append(rsp, "preview_url", url);
rsp = xs_dict_append(rsp, "remote_url", url);
rsp = xs_dict_append(rsp, "description", desc);
*body = xs_json_dumps(rsp, 4);
*ctype = "application/json";
status = 200;
}
}
2023-04-16 09:13:45 +03:00
}
else
status = 401;
}
2023-04-23 09:44:26 +03:00
else
2023-05-12 13:29:24 +03:00
if (xs_startswith(cmd, "/v1/accounts")) { /** **/
2023-04-23 09:44:26 +03:00
if (logged_in) {
/* account-related information */
xs *l = xs_split(cmd, "/");
const char *md5 = xs_list_get(l, 3);
const char *opt = xs_list_get(l, 4);
xs *rsp = NULL;
if (!xs_is_null(md5) && *md5) {
xs *actor_o = NULL;
if (xs_is_null(opt)) {
/* ? */
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(opt, "follow") == 0) { /** **/
2023-04-23 09:44:26 +03:00
if (valid_status(object_get_by_md5(md5, &actor_o))) {
const char *actor = xs_dict_get(actor_o, "id");
xs *msg = msg_follow(&snac, actor);
if (msg != NULL) {
/* reload the actor from the message, in may be different */
actor = xs_dict_get(msg, "object");
following_add(&snac, actor, msg);
enqueue_output_by_actor(&snac, msg, actor, 0);
rsp = mastoapi_relationship(&snac, md5);
}
}
}
else
2023-05-12 14:06:38 +03:00
if (strcmp(opt, "unfollow") == 0) { /** **/
2023-04-23 09:51:02 +03:00
if (valid_status(object_get_by_md5(md5, &actor_o))) {
const char *actor = xs_dict_get(actor_o, "id");
/* get the following object */
xs *object = NULL;
if (valid_status(following_get(&snac, actor, &object))) {
xs *msg = msg_undo(&snac, xs_dict_get(object, "object"));
following_del(&snac, actor);
enqueue_output_by_actor(&snac, msg, actor, 0);
rsp = mastoapi_relationship(&snac, md5);
}
}
2023-04-23 09:44:26 +03:00
}
2023-05-18 10:46:21 +03:00
else
if (strcmp(opt, "block") == 0) { /** **/
if (valid_status(object_get_by_md5(md5, &actor_o))) {
const char *actor = xs_dict_get(actor_o, "id");
mute(&snac, actor);
rsp = mastoapi_relationship(&snac, md5);
}
}
else
if (strcmp(opt, "unblock") == 0) { /** **/
if (valid_status(object_get_by_md5(md5, &actor_o))) {
const char *actor = xs_dict_get(actor_o, "id");
unmute(&snac, actor);
rsp = mastoapi_relationship(&snac, md5);
}
}
2023-04-23 09:44:26 +03:00
}
if (rsp != NULL) {
*body = xs_json_dumps(rsp, 4);
2023-04-23 09:44:26 +03:00
*ctype = "application/json";
status = 200;
}
}
else
status = 401;
}
else
if (xs_startswith(cmd, "/v1/polls")) { /** **/
if (logged_in) {
/* operations on a status */
xs *l = xs_split(cmd, "/");
const char *mid = xs_list_get(l, 3);
const char *op = xs_list_get(l, 4);
if (!xs_is_null(mid)) {
xs *msg = NULL;
xs *out = NULL;
/* skip the 'fake' part of the id */
mid = MID_TO_MD5(mid);
if (valid_status(timeline_get_by_md5(&snac, mid, &msg))) {
2023-06-01 09:40:08 +03:00
const char *id = xs_dict_get(msg, "id");
const char *atto = get_atto(msg);
2023-06-01 09:40:08 +03:00
2024-05-21 15:12:15 +03:00
const xs_list *opts = xs_dict_get(msg, "oneOf");
2023-06-01 09:40:08 +03:00
if (opts == NULL)
opts = xs_dict_get(msg, "anyOf");
if (op == NULL) {
}
else
if (strcmp(op, "votes") == 0) {
2024-05-21 15:12:15 +03:00
const xs_list *choices = xs_dict_get(args, "choices[]");
2023-06-01 09:40:08 +03:00
2023-08-13 14:00:36 +03:00
if (xs_is_null(choices))
choices = xs_dict_get(args, "choices");
2023-06-01 09:40:08 +03:00
if (xs_type(choices) == XSTYPE_LIST) {
xs_str *v;
2024-05-21 15:12:15 +03:00
int c = 0;
while (xs_list_next(choices, &v, &c)) {
2023-06-01 09:40:08 +03:00
int io = atoi(v);
const xs_dict *o = xs_list_get(opts, io);
if (o) {
const char *name = xs_dict_get(o, "name");
xs *msg = msg_note(&snac, "", atto, (char *)id, NULL, 1);
msg = xs_dict_append(msg, "name", name);
xs *c_msg = msg_create(&snac, msg);
enqueue_message(&snac, c_msg);
timeline_add(&snac, xs_dict_get(msg, "id"), msg);
}
}
2023-06-01 09:40:08 +03:00
out = mastoapi_poll(&snac, msg);
}
}
}
if (out != NULL) {
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
status = 200;
}
}
}
else
status = 401;
2023-04-23 09:44:26 +03:00
}
2024-04-29 08:43:01 +03:00
else
if (strcmp(cmd, "/v1/lists") == 0) {
if (logged_in) {
const char *title = xs_dict_get(args, "title");
if (xs_type(title) == XSTYPE_STRING) {
/* add the list */
xs *out = xs_dict_new();
2024-04-29 09:29:18 +03:00
if (xs_type(list_maint(&snac, title, 1)) == XSTYPE_TRUE) {
out = xs_dict_append(out, "title", title);
out = xs_dict_append(out, "replies_policy", xs_dict_get_def(args, "replies_policy", "list"));
out = xs_dict_append(out, "exclusive", xs_stock(XSTYPE_FALSE));
status = 200;
}
else {
out = xs_dict_append(out, "error", "cannot create list");
status = 422;
}
2024-04-29 08:43:01 +03:00
*body = xs_json_dumps(out, 4);
*ctype = "application/json";
}
else
status = 422;
}
}
2024-04-29 10:26:37 +03:00
if (xs_startswith(cmd, "/v1/lists/")) { /** list maintenance **/
if (logged_in) {
xs *l = xs_split(cmd, "/");
2024-05-21 15:12:15 +03:00
const char *op = xs_list_get(l, -1);
const char *id = xs_list_get(l, -2);
2024-04-29 10:26:37 +03:00
if (op && id && xs_is_hex(id)) {
if (strcmp(op, "accounts") == 0) {
2024-05-21 15:12:15 +03:00
const xs_list *accts = xs_dict_get(args, "account_ids[]");
2024-04-29 10:26:37 +03:00
int c = 0;
char *v;
while (xs_list_next(accts, &v, &c)) {
list_content(&snac, id, v, 1);
}
status = 200;
}
}
}
else
status = 422;
}
2023-04-08 07:09:05 +03:00
/* user cleanup */
if (logged_in)
user_free(&snac);
2024-04-14 19:31:53 +03:00
srv_debug(1, xs_fmt("mastoapi_post_handler %s %d", q_path, status));
2023-04-08 07:09:05 +03:00
return status;
}
2023-04-22 02:21:09 +03:00
int mastoapi_delete_handler(const xs_dict *req, const char *q_path,
2024-04-29 10:26:37 +03:00
const char *payload, int p_size,
char **body, int *b_size, char **ctype)
{
(void)p_size;
(void)body;
(void)b_size;
(void)ctype;
if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
return 0;
2024-04-29 10:26:37 +03:00
int status = 404;
xs *args = NULL;
2024-05-21 15:12:15 +03:00
const char *i_ctype = xs_dict_get(req, "content-type");
2024-04-29 10:26:37 +03:00
if (i_ctype && xs_startswith(i_ctype, "application/json")) {
if (!xs_is_null(payload))
args = xs_json_loads(payload);
}
else if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded"))
{
// Some apps send form data instead of json so we should cater for those
if (!xs_is_null(payload)) {
xs *upl = xs_url_dec(payload);
args = xs_url_vars(upl);
}
}
else
args = xs_dup(xs_dict_get(req, "p_vars"));
if (args == NULL)
return 400;
2024-04-29 09:29:18 +03:00
snac snac = {0};
int logged_in = process_auth_token(&snac, req);
xs *cmd = xs_replace_n(q_path, "/api", "", 1);
2024-04-29 09:29:18 +03:00
if (xs_startswith(cmd, "/v1/push/subscription") || xs_startswith(cmd, "/v2/push/subscription")) { /** **/
// pretend we deleted it, since it doesn't exist anyway
2024-04-29 09:29:18 +03:00
status = 200;
}
2024-04-29 09:29:18 +03:00
else
if (xs_startswith(cmd, "/v1/lists/")) {
if (logged_in) {
xs *l = xs_split(cmd, "/");
2024-05-21 15:12:15 +03:00
const char *p = xs_list_get(l, -1);
2024-04-29 10:26:37 +03:00
if (p) {
if (strcmp(p, "accounts") == 0) {
/* delete account from list */
p = xs_list_get(l, -2);
2024-05-21 15:12:15 +03:00
const xs_list *accts = xs_dict_get(args, "account_ids[]");
2024-04-29 10:26:37 +03:00
int c = 0;
char *v;
while (xs_list_next(accts, &v, &c)) {
list_content(&snac, p, v, 2);
}
}
else {
/* delete list */
if (xs_is_hex(p)) {
list_maint(&snac, p, 2);
}
}
2024-04-29 09:29:18 +03:00
}
status = 200;
}
else
status = 401;
}
/* user cleanup */
if (logged_in)
user_free(&snac);
srv_debug(1, xs_fmt("mastoapi_delete_handler %s %d", q_path, status));
return status;
}
2023-04-22 02:21:09 +03:00
int mastoapi_put_handler(const xs_dict *req, const char *q_path,
const char *payload, int p_size,
char **body, int *b_size, char **ctype)
{
2023-05-04 10:28:36 +03:00
(void)p_size;
(void)b_size;
2023-04-22 02:21:09 +03:00
if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
return 0;
int status = 404;
xs *args = NULL;
2024-05-21 15:12:15 +03:00
const char *i_ctype = xs_dict_get(req, "content-type");
2023-04-22 02:21:09 +03:00
if (i_ctype && xs_startswith(i_ctype, "application/json")) {
if (!xs_is_null(payload))
args = xs_json_loads(payload);
}
2023-04-22 02:21:09 +03:00
else
args = xs_dup(xs_dict_get(req, "p_vars"));
if (args == NULL)
return 400;
2023-05-02 07:49:00 +03:00
xs *cmd = xs_replace_n(q_path, "/api", "", 1);
2023-04-22 02:21:09 +03:00
snac snac = {0};
int logged_in = process_auth_token(&snac, req);
2023-05-12 13:29:24 +03:00
if (xs_startswith(cmd, "/v1/media") || xs_startswith(cmd, "/v2/media")) { /** **/
2023-04-22 02:21:09 +03:00
if (logged_in) {
xs *l = xs_split(cmd, "/");
const char *stid = xs_list_get(l, 3);
if (!xs_is_null(stid)) {
const char *desc = xs_dict_get(args, "description");
/* set the image metadata */
static_put_meta(&snac, stid, desc);
/* prepare a response */
xs *rsp = xs_dict_new();
xs *url = xs_fmt("%s/s/%s", snac.actor, stid);
rsp = xs_dict_append(rsp, "id", stid);
rsp = xs_dict_append(rsp, "type", "image");
rsp = xs_dict_append(rsp, "url", url);
rsp = xs_dict_append(rsp, "preview_url", url);
rsp = xs_dict_append(rsp, "remote_url", url);
rsp = xs_dict_append(rsp, "description", desc);
*body = xs_json_dumps(rsp, 4);
2023-04-22 02:21:09 +03:00
*ctype = "application/json";
status = 200;
}
}
else
status = 401;
}
else
if (xs_startswith(cmd, "/v1/statuses")) {
if (logged_in) {
xs *l = xs_split(cmd, "/");
const char *mid = xs_list_get(l, 3);
if (!xs_is_null(mid)) {
const char *md5 = MID_TO_MD5(mid);
xs *rsp = NULL;
xs *msg = NULL;
if (valid_status(timeline_get_by_md5(&snac, md5, &msg))) {
const char *content = xs_dict_get(args, "status");
xs *atls = xs_list_new();
xs *f_content = not_really_markdown(content, &atls, NULL);
/* replace fields with new content */
msg = xs_dict_set(msg, "sourceContent", content);
msg = xs_dict_set(msg, "content", f_content);
xs *updated = xs_str_utctime(0, ISO_DATE_SPEC);
msg = xs_dict_set(msg, "updated", updated);
/* overwrite object, not updating the indexes */
object_add_ow(xs_dict_get(msg, "id"), msg);
/* update message */
xs *c_msg = msg_update(&snac, msg);
enqueue_message(&snac, c_msg);
rsp = mastoapi_status(&snac, msg);
}
if (rsp != NULL) {
*body = xs_json_dumps(rsp, 4);
*ctype = "application/json";
status = 200;
}
}
}
else
status = 401;
}
2023-04-22 02:21:09 +03:00
/* user cleanup */
if (logged_in)
user_free(&snac);
srv_debug(1, xs_fmt("mastoapi_put_handler %s %d", q_path, status));
2023-04-22 02:21:09 +03:00
return status;
}
void mastoapi_purge(void)
{
2023-04-28 09:58:33 +03:00
xs *spec = xs_fmt("%s/app/" "*.json", srv_basedir);
xs *files = xs_glob(spec, 1, 0);
xs_list *p = files;
xs_str *v;
time_t mt = time(NULL) - 3600;
while (xs_list_iter(&p, &v)) {
xs *cid = xs_replace(v, ".json", "");
xs *fn = _app_fn(cid);
if (mtime(fn) < mt) {
/* get the app */
xs *app = app_get(cid);
if (app) {
/* old apps with no uid are incomplete cruft */
const char *uid = xs_dict_get(app, "uid");
if (xs_is_null(uid) || *uid == '\0') {
unlink(fn);
srv_debug(2, xs_fmt("purged %s", fn));
}
}
}
}
}
#endif /* #ifndef NO_MASTODON_API */