dfa13deaa1
Conflicts: - `app/controllers/statuses_controller.rb`: Upstream disabled the embed controller for reblogs. Not a real conflict, but glitch-soc has an extra line to deal with its theming system. Ported upstream changes. - `app/javascript/packs/public.js`: Upstream made changes to get rid of most inline CSS, this changes javascript for public pages, which in glitch are split between different files. Ported those changes. - `app/models/status.rb`: Upstream changed the block check in `Status#permitted_for` to include domain-block checks. Not a real conflict with glitch-soc, but our scope is slightly different, as our scope for unauthenticated access do not include instance-local toots. Ported upstream changes. - `app/serializers/rest/instance_serializer.rb`: Not a real conflict, upstream added a new field to the instance serializer, the conflict is one line above since we added more of that. Ported upstream changes. - `app/views/settings/profiles/show.html.haml`: Upstream got rid of most inline CSS and moved hidden elements to data attributes in the process, in fields were we have different values. Ported upstream changes while keeping our glitch-specific values. - `app/views/statuses/_simple_status.html.haml`: Upstream got rid of inline CSS on an HAML line we treat differently, stripping empty text nodes. Ported upstream changes to the style attribute, keeping the empty text node stripping behavior.
92 lines
2.6 KiB
Ruby
92 lines
2.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class StatusesController < ApplicationController
|
|
include StatusControllerConcern
|
|
include SignatureAuthentication
|
|
include Authorization
|
|
include AccountOwnedConcern
|
|
|
|
layout 'public'
|
|
|
|
before_action :require_signature!, only: :show, if: -> { request.format == :json && authorized_fetch_mode? }
|
|
before_action :set_status
|
|
before_action :set_instance_presenter
|
|
before_action :set_link_headers
|
|
before_action :redirect_to_original, only: :show
|
|
before_action :set_referrer_policy_header, only: :show
|
|
before_action :set_cache_headers
|
|
before_action :set_body_classes
|
|
before_action :set_autoplay, only: :embed
|
|
|
|
skip_around_action :set_locale, if: -> { request.format == :json }
|
|
skip_before_action :require_functional!, only: [:show, :embed]
|
|
|
|
content_security_policy only: :embed do |p|
|
|
p.frame_ancestors(false)
|
|
end
|
|
|
|
def show
|
|
respond_to do |format|
|
|
format.html do
|
|
use_pack 'public'
|
|
|
|
expires_in 10.seconds, public: true if current_account.nil?
|
|
set_ancestors
|
|
set_descendants
|
|
end
|
|
|
|
format.json do
|
|
expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
|
|
render_with_cache json: @status, content_type: 'application/activity+json', serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
|
|
end
|
|
end
|
|
end
|
|
|
|
def activity
|
|
expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
|
|
render_with_cache json: @status, content_type: 'application/activity+json', serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter
|
|
end
|
|
|
|
def embed
|
|
use_pack 'embed'
|
|
return not_found if @status.hidden? || @status.reblog?
|
|
|
|
expires_in 180, public: true
|
|
response.headers['X-Frame-Options'] = 'ALLOWALL'
|
|
|
|
render layout: 'embedded'
|
|
end
|
|
|
|
private
|
|
|
|
def set_body_classes
|
|
@body_classes = 'with-modals'
|
|
end
|
|
|
|
def set_link_headers
|
|
response.headers['Link'] = LinkHeader.new([[ActivityPub::TagManager.instance.uri_for(@status), [%w(rel alternate), %w(type application/activity+json)]]])
|
|
end
|
|
|
|
def set_status
|
|
@status = @account.statuses.find(params[:id])
|
|
authorize @status, :show?
|
|
rescue Mastodon::NotPermittedError
|
|
not_found
|
|
end
|
|
|
|
def set_instance_presenter
|
|
@instance_presenter = InstancePresenter.new
|
|
end
|
|
|
|
def redirect_to_original
|
|
redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog?
|
|
end
|
|
|
|
def set_referrer_policy_header
|
|
response.headers['Referrer-Policy'] = 'origin' unless @status.distributable?
|
|
end
|
|
|
|
def set_autoplay
|
|
@autoplay = truthy_param?(:autoplay)
|
|
end
|
|
end
|