Only allow logged-in user to use statuses API

author: poesty 2023-06-11 12:06:37 +0800
committer: poesty 2023-06-11 12:06:37 +0800
commit: fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6 (patch)
tree: 70b00c4361a45f223dc2c7a2acfa2697e446c0a4
parent: Only allow logged-in user to use search API (diff)
download: snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.tar.gz
snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.tar.xz
snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.zip
1 files changed, 74 insertions, 70 deletions
diff --git a/mastoapi.c b/mastoapi.c
index c158748..acefe57 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -1510,102 +1510,106 @@ int mastoapi_get_handler(const xs_dict *req, const char *q_path,
    else
    if (xs_startswith(cmd, "/v1/statuses/")) { /** **/
        /* information about a status */
-        xs *l = xs_split(cmd, "/");
+        if (logged_in) {
-        const char *id = xs_list_get(l, 3);
+            xs *l = xs_split(cmd, "/");
-        const char *op = xs_list_get(l, 4);
+            const char *id = xs_list_get(l, 3);
+            const char *op = xs_list_get(l, 4);
-        if (!xs_is_null(id)) {
+            if (!xs_is_null(id)) {
-            xs *msg = NULL;
+                xs *msg = NULL;
-            xs *out = NULL;
+                xs *out = NULL;
-            /* skip the 'fake' part of the id */
+                /* skip the 'fake' part of the id */
-            id = MID_TO_MD5(id);
+                id = MID_TO_MD5(id);
-            if (valid_status(object_get_by_md5(id, &msg))) {
+                if (valid_status(object_get_by_md5(id, &msg))) {
-                if (op == NULL) {
+                    if (op == NULL) {
-                    if (!is_muted(&snac1, xs_dict_get(msg, "attributedTo"))) {
+                        if (!is_muted(&snac1, xs_dict_get(msg, "attributedTo"))) {
-                        /* return the status itself */
+                            /* return the status itself */
-                        out = mastoapi_status(&snac1, msg);
+                            out = mastoapi_status(&snac1, msg);
+                        }
                    }
-                }
+                    else
-                else
+                    if (strcmp(op, "context") == 0) { /** **/
-                if (strcmp(op, "context") == 0) { /** **/
+                        /* return ancestors and children */
-                    /* return ancestors and children */
+                        xs *anc = xs_list_new();
-                    xs *anc = xs_list_new();
+                        xs *des = xs_list_new();
-                    xs *des = xs_list_new();
+                        xs_list *p;
-                    xs_list *p;
+                        xs_str *v;
-                    xs_str *v;
+                        char pid[64];
-                    char pid[64];
-                    /* build the [grand]parent list, moving up */
+                        /* build the [grand]parent list, moving up */
-                    strncpy(pid, id, sizeof(pid));
+                        strncpy(pid, id, sizeof(pid));
-                    while (object_parent(pid, pid, sizeof(pid))) {
+                        while (object_parent(pid, pid, sizeof(pid))) {
-                        xs *m2 = NULL;
+                            xs *m2 = NULL;
-                        if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {
+                            if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {
-                            xs *st = mastoapi_status(&snac1, m2);
+                                xs *st = mastoapi_status(&snac1, m2);
-                            anc = xs_list_insert(anc, 0, st);
+                                anc = xs_list_insert(anc, 0, st);
+                            }
+                            else
+                                break;
                        }
-                        else
-                            break;
-                    }
-                    /* build the children list */
+                        /* build the children list */
-                    xs *children = object_children(xs_dict_get(msg, "id"));
+                        xs *children = object_children(xs_dict_get(msg, "id"));
-                    p = children;
+                        p = children;
-                    while (xs_list_iter(&p, &v)) {
+                        while (xs_list_iter(&p, &v)) {
-                        xs *m2 = NULL;
+                            xs *m2 = NULL;
-                        if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {
+                            if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {
-                            if (xs_is_null(xs_dict_get(m2, "name"))) {
+                                if (xs_is_null(xs_dict_get(m2, "name"))) {
-                                xs *st = mastoapi_status(&snac1, m2);
+                                    xs *st = mastoapi_status(&snac1, m2);
-                                des = xs_list_append(des, st);
+                                    des = xs_list_append(des, st);
+                                }
                            }
                        }
-                    }
-                    out = xs_dict_new();
+                        out = xs_dict_new();
-                    out = xs_dict_append(out, "ancestors",   anc);
+                        out = xs_dict_append(out, "ancestors",   anc);
-                    out = xs_dict_append(out, "descendants", des);
+                        out = xs_dict_append(out, "descendants", des);
-                }
+                    }
-                else
+                    else
-                if (strcmp(op, "reblogged_by") == 0 || /** **/
+                    if (strcmp(op, "reblogged_by") == 0 || /** **/
-                    strcmp(op, "favourited_by") == 0) { /** **/
+                        strcmp(op, "favourited_by") == 0) { /** **/
-                    /* return the list of people who liked or boosted this */
+                        /* return the list of people who liked or boosted this */
-                    out = xs_list_new();
+                        out = xs_list_new();
-                    xs *l = NULL;
+                        xs *l = NULL;
-                    if (op[0] == 'r')
+                        if (op[0] == 'r')
-                        l = object_announces(xs_dict_get(msg, "id"));
+                            l = object_announces(xs_dict_get(msg, "id"));
-                    else
+                        else
-                        l = object_likes(xs_dict_get(msg, "id"));
+                            l = object_likes(xs_dict_get(msg, "id"));
-                    xs_list *p = l;
+                        xs_list *p = l;
-                    xs_str *v;
+                        xs_str *v;
-                    while (xs_list_iter(&p, &v)) {
+                        while (xs_list_iter(&p, &v)) {
-                        xs *actor2 = NULL;
+                            xs *actor2 = NULL;
-                        if (valid_status(object_get_by_md5(v, &actor2))) {
+                            if (valid_status(object_get_by_md5(v, &actor2))) {
-                            xs *acct2 = mastoapi_account(actor2);
+                                xs *acct2 = mastoapi_account(actor2);
-                            out = xs_list_append(out, acct2);
+                                out = xs_list_append(out, acct2);
+                            }
                        }
                    }
                }
-            }
+                else
-            else
+                    srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
-                srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
-            if (out != NULL) {
+                if (out != NULL) {
-                *body  = xs_json_dumps_pp(out, 4);
+                    *body  = xs_json_dumps_pp(out, 4);
-                *ctype = "application/json";
+                    *ctype = "application/json";
-                status = 200;
+                    status = 200;
+                }
            }
        }
+        else
+            status = 401;
    }
    else
    if (strcmp(cmd, "/v1/preferences") == 0) { /** **/
author	poesty	2023-06-11 12:06:37 +0800
committer	poesty	2023-06-11 12:06:37 +0800
commit	fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6 (patch)
tree	70b00c4361a45f223dc2c7a2acfa2697e446c0a4
parent	Only allow logged-in user to use search API (diff)
download	snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.tar.gz snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.tar.xz snac2-fb5f34bb5aeea467f9ecfc0a551c32e8ef2c9bd6.zip

diff --git a/mastoapi.c b/mastoapi.c index c158748..acefe57 100644 --- a/mastoapi.c +++ b/mastoapi.c
@@ -1510,102 +1510,106 @@ int mastoapi_get_handler(const xs_dict req, const char q_path,
1510	else	1510	else
1511	if (xs_startswith(cmd, "/v1/statuses/")) { / /	1511	if (xs_startswith(cmd, "/v1/statuses/")) { / /
1512	/* information about a status */	1512	/* information about a status */
1513	xs *l = xs_split(cmd, "/");	1513	if (logged_in) {
1514	const char *id = xs_list_get(l, 3);	1514	xs *l = xs_split(cmd, "/");
1515	const char *op = xs_list_get(l, 4);	1515	const char *id = xs_list_get(l, 3);
		1516	const char *op = xs_list_get(l, 4);
1516		1517
1517	if (!xs_is_null(id)) {	1518	if (!xs_is_null(id)) {
1518	xs *msg = NULL;	1519	xs *msg = NULL;
1519	xs *out = NULL;	1520	xs *out = NULL;
1520		1521
1521	/* skip the 'fake' part of the id */	1522	/* skip the 'fake' part of the id */
1522	id = MID_TO_MD5(id);	1523	id = MID_TO_MD5(id);
1523		1524
1524	if (valid_status(object_get_by_md5(id, &msg))) {	1525	if (valid_status(object_get_by_md5(id, &msg))) {
1525	if (op == NULL) {	1526	if (op == NULL) {
1526	if (!is_muted(&snac1, xs_dict_get(msg, "attributedTo"))) {	1527	if (!is_muted(&snac1, xs_dict_get(msg, "attributedTo"))) {
1527	/* return the status itself */	1528	/* return the status itself */
1528	out = mastoapi_status(&snac1, msg);	1529	out = mastoapi_status(&snac1, msg);
		1530	}
1529	}	1531	}
1530	}	1532	else
1531	else	1533	if (strcmp(op, "context") == 0) { / /
1532	if (strcmp(op, "context") == 0) { / /	1534	/* return ancestors and children */
1533	/* return ancestors and children */	1535	xs *anc = xs_list_new();
1534	xs *anc = xs_list_new();	1536	xs *des = xs_list_new();
1535	xs *des = xs_list_new();	1537	xs_list *p;
1536	xs_list *p;	1538	xs_str *v;
1537	xs_str *v;	1539	char pid[64];
1538	char pid[64];
1539		1540
1540	/* build the [grand]parent list, moving up */	1541	/* build the [grand]parent list, moving up */
1541	strncpy(pid, id, sizeof(pid));	1542	strncpy(pid, id, sizeof(pid));
1542		1543
1543	while (object_parent(pid, pid, sizeof(pid))) {	1544	while (object_parent(pid, pid, sizeof(pid))) {
1544	xs *m2 = NULL;	1545	xs *m2 = NULL;
1545		1546
1546	if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {	1547	if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {
1547	xs *st = mastoapi_status(&snac1, m2);	1548	xs *st = mastoapi_status(&snac1, m2);
1548	anc = xs_list_insert(anc, 0, st);	1549	anc = xs_list_insert(anc, 0, st);
		1550	}
		1551	else
		1552	break;
1549	}	1553	}
1550	else
1551	break;
1552	}
1553		1554
1554	/* build the children list */	1555	/* build the children list */
1555	xs *children = object_children(xs_dict_get(msg, "id"));	1556	xs *children = object_children(xs_dict_get(msg, "id"));
1556	p = children;	1557	p = children;
1557		1558
1558	while (xs_list_iter(&p, &v)) {	1559	while (xs_list_iter(&p, &v)) {
1559	xs *m2 = NULL;	1560	xs *m2 = NULL;
1560		1561
1561	if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {	1562	if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {
1562	if (xs_is_null(xs_dict_get(m2, "name"))) {	1563	if (xs_is_null(xs_dict_get(m2, "name"))) {
1563	xs *st = mastoapi_status(&snac1, m2);	1564	xs *st = mastoapi_status(&snac1, m2);
1564	des = xs_list_append(des, st);	1565	des = xs_list_append(des, st);
		1566	}
1565	}	1567	}
1566	}	1568	}
1567	}
1568		1569
1569	out = xs_dict_new();	1570	out = xs_dict_new();
1570	out = xs_dict_append(out, "ancestors", anc);	1571	out = xs_dict_append(out, "ancestors", anc);
1571	out = xs_dict_append(out, "descendants", des);	1572	out = xs_dict_append(out, "descendants", des);
1572	}	1573	}
1573	else	1574	else
1574	if (strcmp(op, "reblogged_by") == 0 \|\| / /	1575	if (strcmp(op, "reblogged_by") == 0 \|\| / /
1575	strcmp(op, "favourited_by") == 0) { / /	1576	strcmp(op, "favourited_by") == 0) { / /
1576	/* return the list of people who liked or boosted this */	1577	/* return the list of people who liked or boosted this */
1577	out = xs_list_new();	1578	out = xs_list_new();
1578		1579
1579	xs *l = NULL;	1580	xs *l = NULL;
1580		1581
1581	if (op[0] == 'r')	1582	if (op[0] == 'r')
1582	l = object_announces(xs_dict_get(msg, "id"));	1583	l = object_announces(xs_dict_get(msg, "id"));
1583	else	1584	else
1584	l = object_likes(xs_dict_get(msg, "id"));	1585	l = object_likes(xs_dict_get(msg, "id"));
1585		1586
1586	xs_list *p = l;	1587	xs_list *p = l;
1587	xs_str *v;	1588	xs_str *v;
1588		1589
1589	while (xs_list_iter(&p, &v)) {	1590	while (xs_list_iter(&p, &v)) {
1590	xs *actor2 = NULL;	1591	xs *actor2 = NULL;
1591		1592
1592	if (valid_status(object_get_by_md5(v, &actor2))) {	1593	if (valid_status(object_get_by_md5(v, &actor2))) {
1593	xs *acct2 = mastoapi_account(actor2);	1594	xs *acct2 = mastoapi_account(actor2);
1594		1595
1595	out = xs_list_append(out, acct2);	1596	out = xs_list_append(out, acct2);
		1597	}
1596	}	1598	}
1597	}	1599	}
1598	}	1600	}
1599	}	1601	else
1600	else	1602	srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
1601	srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
1602		1603
1603	if (out != NULL) {	1604	if (out != NULL) {
1604	*body = xs_json_dumps_pp(out, 4);	1605	*body = xs_json_dumps_pp(out, 4);
1605	*ctype = "application/json";	1606	*ctype = "application/json";
1606	status = 200;	1607	status = 200;
		1608	}
1607	}	1609	}
1608	}	1610	}
		1611	else
		1612	status = 401;
1609	}	1613	}
1610	else	1614	else
1611	if (strcmp(cmd, "/v1/preferences") == 0) { / /	1615	if (strcmp(cmd, "/v1/preferences") == 0) { / /