
Update BaseApiController

Daniel Supernault 2019-09-20 22:27:00 -06:00
parent 5c327a0ae2
commit 9886ec5954
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7


@ -40,13 +40,15 @@ class BaseApiController extends Controller
public function __construct() public function __construct()
{ {
$this->middleware('auth'); // $this->middleware('auth');
$this->fractal = new Fractal\Manager(); $this->fractal = new Fractal\Manager();
$this->fractal->setSerializer(new ArraySerializer()); $this->fractal->setSerializer(new ArraySerializer());
} }
public function notifications(Request $request) public function notifications(Request $request)
{ {
abort_if(!$request->user(), 403);
$pid = Auth::user()->profile->id; $pid = Auth::user()->profile->id;
$pg = $request->input('pg'); $pg = $request->input('pg');
if($pg == true) { if($pg == true) {
@ -74,6 +76,7 @@ class BaseApiController extends Controller
public function accounts(Request $request, $id) public function accounts(Request $request, $id)
{ {
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id); $profile = Profile::findOrFail($id);
$resource = new Fractal\Resource\Item($profile, new AccountTransformer()); $resource = new Fractal\Resource\Item($profile, new AccountTransformer());
$res = $this->fractal->createData($resource)->toArray(); $res = $this->fractal->createData($resource)->toArray();
@ -83,6 +86,7 @@ class BaseApiController extends Controller
public function accountFollowers(Request $request, $id) public function accountFollowers(Request $request, $id)
{ {
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id); $profile = Profile::findOrFail($id);
$followers = $profile->followers; $followers = $profile->followers;
$resource = new Fractal\Resource\Collection($followers, new AccountTransformer()); $resource = new Fractal\Resource\Collection($followers, new AccountTransformer());
@ -93,6 +97,7 @@ class BaseApiController extends Controller
public function accountFollowing(Request $request, $id) public function accountFollowing(Request $request, $id)
{ {
abort_if(!$request->user(), 403);
$profile = Profile::findOrFail($id); $profile = Profile::findOrFail($id);
$following = $profile->following; $following = $profile->following;
$resource = new Fractal\Resource\Collection($following, new AccountTransformer()); $resource = new Fractal\Resource\Collection($following, new AccountTransformer());
@ -103,6 +108,7 @@ class BaseApiController extends Controller
public function accountStatuses(Request $request, $id) public function accountStatuses(Request $request, $id)
{ {
abort_if(!$request->user(), 403);
$this->validate($request, [ $this->validate($request, [
'only_media' => 'nullable', 'only_media' => 'nullable',
'pinned' => 'nullable', 'pinned' => 'nullable',
@ -152,6 +158,7 @@ class BaseApiController extends Controller
public function avatarUpdate(Request $request) public function avatarUpdate(Request $request)
{ {
abort_if(!$request->user(), 403);
$this->validate($request, [ $this->validate($request, [
'upload' => 'required|mimes:jpeg,png,gif|max:'.config('pixelfed.max_avatar_size'), 'upload' => 'required|mimes:jpeg,png,gif|max:'.config('pixelfed.max_avatar_size'),
]); ]);
@ -188,6 +195,7 @@ class BaseApiController extends Controller
public function showTempMedia(Request $request, int $profileId, $mediaId) public function showTempMedia(Request $request, int $profileId, $mediaId)
{ {
abort_if(!$request->user(), 403);
abort_if(!$request->hasValidSignature(), 404); abort_if(!$request->hasValidSignature(), 404);
abort_if(Auth::user()->profile_id !== $profileId, 404); abort_if(Auth::user()->profile_id !== $profileId, 404);
$media = Media::whereProfileId(Auth::user()->profile_id)->findOrFail($mediaId); $media = Media::whereProfileId(Auth::user()->profile_id)->findOrFail($mediaId);
@ -197,6 +205,7 @@ class BaseApiController extends Controller
public function uploadMedia(Request $request) public function uploadMedia(Request $request)
{ {
abort_if(!$request->user(), 403);
$this->validate($request, [ $this->validate($request, [
'file.*' => function() { 'file.*' => function() {
return [ return [
@ -278,6 +287,7 @@ class BaseApiController extends Controller
public function deleteMedia(Request $request) public function deleteMedia(Request $request)
{ {
abort_if(!$request->user(), 403);
$this->validate($request, [ $this->validate($request, [
'id' => 'required|integer|min:1|exists:media,id' 'id' => 'required|integer|min:1|exists:media,id'
]); ]);
@ -299,6 +309,7 @@ class BaseApiController extends Controller
public function verifyCredentials(Request $request) public function verifyCredentials(Request $request)
{ {
abort_if(!$request->user(), 403);
$id = Auth::id(); $id = Auth::id();
$res = Cache::remember('user:account:id:'.$id, now()->addHours(6), function() use($id) { $res = Cache::remember('user:account:id:'.$id, now()->addHours(6), function() use($id) {
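Review bot: Commenting out `$this->middleware('auth')` in the constructor (first hunk) changes this controller from deny-by-default to opt-in authentication, so any public action that lacks its own `abort_if(!$request->user(), 403);` is now reachable without a logged-in user. The hunks add that guard to ten methods, from notifications through verifyCredentials, but the diff cannot show whether those are all of the class's actions, and a method added later will be open unless its author remembers the line. If the intent is to admit a second guard (an assumption, since the commit message does not say), keeping the middleware and naming the guards, e.g. `$this->middleware('auth:web,api');` with guard names taken from the project's auth config, or using `->except([...])` for the routes that must stay public, preserves the fail-closed default. A feature test that calls each route of this controller without credentials and expects a rejection would catch a missed method. Several of the method bodies continue outside the hunks shown.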