mirror of https://github.com/pixelfed/pixelfed.git synced 2024-12-24 16:53:17 +00:00

Update PublicApiController

Daniel Supernault 2018-11-29 01:32:27 -07:00
parent 0a9ffe80b3
commit d1603aba71
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7


@ -5,6 +5,7 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\{
Hashtag,
Follower,
Like,
Media,
Notification,
@ -30,7 +31,7 @@ class PublicApiController extends Controller
public function __construct()
{
$this->middleware('throttle:200, 15');
$this->middleware('throttle:200, 30');
$this->fractal = new Fractal\Manager();
$this->fractal->setSerializer(new ArraySerializer());
}
@ -50,6 +51,7 @@ class PublicApiController extends Controller
{
$profile = Profile::whereUsername($username)->first();
$status = Status::whereProfileId($profile->id)->find($postid);
$this->scopeCheck($profile, $status);
$item = new Fractal\Resource\Item($status, new StatusTransformer());
$res = [
'status' => $this->fractal->createData($item)->toArray(),
@ -73,6 +75,7 @@ class PublicApiController extends Controller
$limit = $request->limit ?? 10;
$profile = Profile::whereUsername($username)->first();
$status = Status::whereProfileId($profile->id)->find($postId);
$this->scopeCheck($profile, $status);
if($request->filled('min_id') || $request->filled('max_id')) {
if($request->filled('min_id')) {
$replies = $status->comments()
@ -100,4 +103,47 @@ class PublicApiController extends Controller
$res = $this->fractal->createData($resource)->toArray();
return response()->json($res, 200, [], JSON_PRETTY_PRINT);
}
protected function scopeCheck(Profile $profile, Status $status)
{
if($profile->is_private == true && Auth::check() == false) {
abort(404);
}
switch ($status->scope) {
case 'public':
case 'unlisted':
$user = Auth::check() ? Auth::user() : false;
if($user && $profile->is_private) {
$follows = Follower::whereProfileId($user->profile->id)
->whereFollowingId($profile->id)
->exists();
if($follows == false && $profile->id !== $user->profile->id) {
abort(404);
}
}
break;
case 'private':
$follows = Follower::whereProfileId($user->profile->id)
->whereFollowingId($profile->id)
->exists();
if($follows == false && $profile->id !== $user->profile->id) {
abort(404);
}
break;
case 'direct':
abort(404);
break;
case 'draft':
abort(404);
break;
default:
abort(404);
break;
}
}
}
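Review bot: In `scopeCheck`, the `case 'private':` branch reads `$user->profile->id`, but `$user` is only assigned inside the `case 'public':` / `case 'unlisted':` branch, so a private-scope status reaches that line with `$user` undefined. Depending on PHP version and error handling, this presumably surfaces as an error response instead of the intended 404, for anonymous viewers and for followers who should be allowed through. Assign it once before the `switch` with `$user = Auth::check() ? Auth::user() : false;` and open the private branch with `if (!$user) { abort(404); }`. The two new call sites also pass the results of `->first()` and `->find()` straight into the typed `Profile $profile, Status $status` parameters, so a missing profile or status would fail on the type hint rather than return 404; `firstOrFail()` and `findOrFail()` at those call sites would cover that. The bodies of both calling methods start outside the hunks shown, so any earlier null handling there is not visible.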