mastoapi.c 101 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112
  1. /* snac - A simple, minimalistic ActivityPub instance */
  2. /* copyright (c) 2022 - 2024 grunfink et al. / MIT license */
  3. #ifndef NO_MASTODON_API
  4. #include "xs.h"
  5. #include "xs_hex.h"
  6. #include "xs_openssl.h"
  7. #include "xs_json.h"
  8. #include "xs_io.h"
  9. #include "xs_time.h"
  10. #include "xs_glob.h"
  11. #include "xs_set.h"
  12. #include "xs_random.h"
  13. #include "xs_url.h"
  14. #include "xs_mime.h"
  15. #include "xs_match.h"
  16. #include "snac.h"
  17. static xs_str *random_str(void)
  18. /* just what is says in the tin */
  19. {
  20. unsigned int data[4] = {0};
  21. xs_rnd_buf(data, sizeof(data));
  22. return xs_hex_enc((char *)data, sizeof(data));
  23. }
  24. int app_add(const char *id, const xs_dict *app)
  25. /* stores an app */
  26. {
  27. if (!xs_is_hex(id))
  28. return 500;
  29. int status = 201;
  30. xs *fn = xs_fmt("%s/app/", srv_basedir);
  31. FILE *f;
  32. mkdirx(fn);
  33. fn = xs_str_cat(fn, id);
  34. fn = xs_str_cat(fn, ".json");
  35. if ((f = fopen(fn, "w")) != NULL) {
  36. xs_json_dump(app, 4, f);
  37. fclose(f);
  38. }
  39. else
  40. status = 500;
  41. return status;
  42. }
  43. xs_str *_app_fn(const char *id)
  44. {
  45. return xs_fmt("%s/app/%s.json", srv_basedir, id);
  46. }
  47. xs_dict *app_get(const char *id)
  48. /* gets an app */
  49. {
  50. if (!xs_is_hex(id))
  51. return NULL;
  52. xs *fn = _app_fn(id);
  53. xs_dict *app = NULL;
  54. FILE *f;
  55. if ((f = fopen(fn, "r")) != NULL) {
  56. app = xs_json_load(f);
  57. fclose(f);
  58. }
  59. return app;
  60. }
  61. int app_del(const char *id)
  62. /* deletes an app */
  63. {
  64. if (!xs_is_hex(id))
  65. return -1;
  66. xs *fn = _app_fn(id);
  67. return unlink(fn);
  68. }
  69. int token_add(const char *id, const xs_dict *token)
  70. /* stores a token */
  71. {
  72. if (!xs_is_hex(id))
  73. return 500;
  74. int status = 201;
  75. xs *fn = xs_fmt("%s/token/", srv_basedir);
  76. FILE *f;
  77. mkdirx(fn);
  78. fn = xs_str_cat(fn, id);
  79. fn = xs_str_cat(fn, ".json");
  80. if ((f = fopen(fn, "w")) != NULL) {
  81. xs_json_dump(token, 4, f);
  82. fclose(f);
  83. }
  84. else
  85. status = 500;
  86. return status;
  87. }
  88. xs_dict *token_get(const char *id)
  89. /* gets a token */
  90. {
  91. if (!xs_is_hex(id))
  92. return NULL;
  93. xs *fn = xs_fmt("%s/token/%s.json", srv_basedir, id);
  94. xs_dict *token = NULL;
  95. FILE *f;
  96. if ((f = fopen(fn, "r")) != NULL) {
  97. token = xs_json_load(f);
  98. fclose(f);
  99. }
  100. return token;
  101. }
  102. int token_del(const char *id)
  103. /* deletes a token */
  104. {
  105. if (!xs_is_hex(id))
  106. return -1;
  107. xs *fn = xs_fmt("%s/token/%s.json", srv_basedir, id);
  108. return unlink(fn);
  109. }
  110. const char *login_page = ""
  111. "<!DOCTYPE html>\n"
  112. "<html>\n"
  113. "<head>\n"
  114. "<title>%s OAuth - Snac2</title>\n"
  115. "<style>:root {color-scheme: light dark}</style>\n"
  116. "</head>\n"
  117. "<body><h1>%s OAuth identify</h1>\n"
  118. "<div style=\"background-color: red; color: white\">%s</div>\n"
  119. "<form method=\"post\" action=\"%s:/" "/%s/%s\">\n"
  120. "<p>Login: <input type=\"text\" name=\"login\"></p>\n"
  121. "<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
  122. "<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
  123. "<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
  124. "<input type=\"hidden\" name=\"state\" value=\"%s\">\n"
  125. "<input type=\"submit\" value=\"OK\">\n"
  126. "</form><p>%s</p></body></html>\n"
  127. "";
  128. int oauth_get_handler(const xs_dict *req, const char *q_path,
  129. char **body, int *b_size, char **ctype)
  130. {
  131. (void)b_size;
  132. if (!xs_startswith(q_path, "/oauth/"))
  133. return 0;
  134. int status = 404;
  135. const xs_dict *msg = xs_dict_get(req, "q_vars");
  136. xs *cmd = xs_replace_n(q_path, "/oauth", "", 1);
  137. srv_debug(1, xs_fmt("oauth_get_handler %s", q_path));
  138. if (strcmp(cmd, "/authorize") == 0) { /** **/
  139. const char *cid = xs_dict_get(msg, "client_id");
  140. const char *ruri = xs_dict_get(msg, "redirect_uri");
  141. const char *rtype = xs_dict_get(msg, "response_type");
  142. const char *state = xs_dict_get(msg, "state");
  143. status = 400;
  144. if (cid && ruri && rtype && strcmp(rtype, "code") == 0) {
  145. xs *app = app_get(cid);
  146. if (app != NULL) {
  147. const char *host = xs_dict_get(srv_config, "host");
  148. const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
  149. if (xs_is_null(state))
  150. state = "";
  151. *body = xs_fmt(login_page, host, host, "", proto, host, "oauth/x-snac-login",
  152. ruri, cid, state, USER_AGENT);
  153. *ctype = "text/html";
  154. status = 200;
  155. srv_debug(1, xs_fmt("oauth authorize: generating login page"));
  156. }
  157. else
  158. srv_debug(1, xs_fmt("oauth authorize: bad client_id %s", cid));
  159. }
  160. else
  161. srv_debug(1, xs_fmt("oauth authorize: invalid or unset arguments"));
  162. }
  163. else
  164. if (strcmp(cmd, "/x-snac-get-token") == 0) { /** **/
  165. const char *host = xs_dict_get(srv_config, "host");
  166. const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
  167. *body = xs_fmt(login_page, host, host, "", proto, host, "oauth/x-snac-get-token",
  168. "", "", "", USER_AGENT);
  169. *ctype = "text/html";
  170. status = 200;
  171. }
  172. return status;
  173. }
  174. int oauth_post_handler(const xs_dict *req, const char *q_path,
  175. const char *payload, int p_size,
  176. char **body, int *b_size, char **ctype)
  177. {
  178. (void)p_size;
  179. (void)b_size;
  180. if (!xs_startswith(q_path, "/oauth/"))
  181. return 0;
  182. int status = 404;
  183. const char *i_ctype = xs_dict_get(req, "content-type");
  184. xs *args = NULL;
  185. if (i_ctype && xs_startswith(i_ctype, "application/json")) {
  186. if (!xs_is_null(payload))
  187. args = xs_json_loads(payload);
  188. }
  189. else
  190. if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded") && payload) {
  191. xs *upl = xs_url_dec(payload);
  192. args = xs_url_vars(upl);
  193. }
  194. else
  195. args = xs_dup(xs_dict_get(req, "p_vars"));
  196. if (args == NULL)
  197. return 400;
  198. xs *cmd = xs_replace_n(q_path, "/oauth", "", 1);
  199. srv_debug(1, xs_fmt("oauth_post_handler %s", q_path));
  200. if (strcmp(cmd, "/x-snac-login") == 0) { /** **/
  201. const char *login = xs_dict_get(args, "login");
  202. const char *passwd = xs_dict_get(args, "passwd");
  203. const char *redir = xs_dict_get(args, "redir");
  204. const char *cid = xs_dict_get(args, "cid");
  205. const char *state = xs_dict_get(args, "state");
  206. const char *host = xs_dict_get(srv_config, "host");
  207. const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
  208. /* by default, generate another login form with an error */
  209. *body = xs_fmt(login_page, host, host, "LOGIN INCORRECT", proto, host, "oauth/x-snac-login",
  210. redir, cid, state, USER_AGENT);
  211. *ctype = "text/html";
  212. status = 200;
  213. if (login && passwd && redir && cid) {
  214. snac snac;
  215. if (user_open(&snac, login)) {
  216. /* check the login + password */
  217. if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) {
  218. /* success! redirect to the desired uri */
  219. xs *code = random_str();
  220. xs_free(*body);
  221. if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) {
  222. *body = xs_dup(code);
  223. }
  224. else {
  225. if (xs_str_in(redir, "?") != -1)
  226. *body = xs_fmt("%s&code=%s", redir, code);
  227. else
  228. *body = xs_fmt("%s?code=%s", redir, code);
  229. status = 303;
  230. }
  231. /* if there is a state, add it */
  232. if (!xs_is_null(state) && *state) {
  233. *body = xs_str_cat(*body, "&state=");
  234. *body = xs_str_cat(*body, state);
  235. }
  236. srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s",
  237. login, *body));
  238. /* assign the login to the app */
  239. xs *app = app_get(cid);
  240. if (app != NULL) {
  241. app = xs_dict_set(app, "uid", login);
  242. app = xs_dict_set(app, "code", code);
  243. app_add(cid, app);
  244. }
  245. else
  246. srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid));
  247. }
  248. else
  249. srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
  250. user_free(&snac);
  251. }
  252. else
  253. srv_debug(1, xs_fmt("oauth x-snac-login: bad user '%s'", login));
  254. }
  255. else
  256. srv_debug(1, xs_fmt("oauth x-snac-login: invalid or unset arguments"));
  257. }
  258. else
  259. if (strcmp(cmd, "/token") == 0) { /** **/
  260. xs *wrk = NULL;
  261. const char *gtype = xs_dict_get(args, "grant_type");
  262. const char *code = xs_dict_get(args, "code");
  263. const char *cid = xs_dict_get(args, "client_id");
  264. const char *csec = xs_dict_get(args, "client_secret");
  265. const char *ruri = xs_dict_get(args, "redirect_uri");
  266. /* FIXME: this 'scope' parameter is mandatory for the official Mastodon API,
  267. but if it's enabled, it makes it crash after some more steps, which
  268. is FAR WORSE */
  269. const char *scope = NULL;
  270. // scope = xs_dict_get(args, "scope");
  271. /* no client_secret? check if it's inside an authorization header
  272. (AndStatus does it this way) */
  273. if (xs_is_null(csec)) {
  274. const char *auhdr = xs_dict_get(req, "authorization");
  275. if (!xs_is_null(auhdr) && xs_startswith(auhdr, "Basic ")) {
  276. xs *s1 = xs_replace_n(auhdr, "Basic ", "", 1);
  277. int size;
  278. xs *s2 = xs_base64_dec(s1, &size);
  279. if (!xs_is_null(s2)) {
  280. xs *l1 = xs_split(s2, ":");
  281. if (xs_list_len(l1) == 2) {
  282. wrk = xs_dup(xs_list_get(l1, 1));
  283. csec = wrk;
  284. }
  285. }
  286. }
  287. }
  288. /* no code?
  289. I'm not sure of the impacts of this right now, but Subway Tooter does not
  290. provide a code so one must be generated */
  291. if (xs_is_null(code)){
  292. code = random_str();
  293. }
  294. if (gtype && code && cid && csec && ruri) {
  295. xs *app = app_get(cid);
  296. if (app == NULL) {
  297. status = 401;
  298. srv_log(xs_fmt("oauth token: invalid app %s", cid));
  299. }
  300. else
  301. if (strcmp(csec, xs_dict_get(app, "client_secret")) != 0) {
  302. status = 401;
  303. srv_log(xs_fmt("oauth token: invalid client_secret for app %s", cid));
  304. }
  305. else {
  306. xs *rsp = xs_dict_new();
  307. xs *cat = xs_number_new(time(NULL));
  308. xs *tokid = random_str();
  309. rsp = xs_dict_append(rsp, "access_token", tokid);
  310. rsp = xs_dict_append(rsp, "token_type", "Bearer");
  311. rsp = xs_dict_append(rsp, "created_at", cat);
  312. if (!xs_is_null(scope))
  313. rsp = xs_dict_append(rsp, "scope", scope);
  314. *body = xs_json_dumps(rsp, 4);
  315. *ctype = "application/json";
  316. status = 200;
  317. const char *uid = xs_dict_get(app, "uid");
  318. srv_debug(1, xs_fmt("oauth token: "
  319. "successful login for %s, new token %s", uid, tokid));
  320. xs *token = xs_dict_new();
  321. token = xs_dict_append(token, "token", tokid);
  322. token = xs_dict_append(token, "client_id", cid);
  323. token = xs_dict_append(token, "client_secret", csec);
  324. token = xs_dict_append(token, "uid", uid);
  325. token = xs_dict_append(token, "code", code);
  326. token_add(tokid, token);
  327. }
  328. }
  329. else {
  330. srv_debug(1, xs_fmt("oauth token: invalid or unset arguments"));
  331. status = 400;
  332. }
  333. }
  334. else
  335. if (strcmp(cmd, "/revoke") == 0) { /** **/
  336. const char *cid = xs_dict_get(args, "client_id");
  337. const char *csec = xs_dict_get(args, "client_secret");
  338. const char *tokid = xs_dict_get(args, "token");
  339. if (cid && csec && tokid) {
  340. xs *token = token_get(tokid);
  341. *body = xs_str_new("{}");
  342. *ctype = "application/json";
  343. if (token == NULL || strcmp(csec, xs_dict_get(token, "client_secret")) != 0) {
  344. srv_debug(1, xs_fmt("oauth revoke: bad secret for token %s", tokid));
  345. status = 403;
  346. }
  347. else {
  348. token_del(tokid);
  349. srv_debug(1, xs_fmt("oauth revoke: revoked token %s", tokid));
  350. status = 200;
  351. /* also delete the app, as it serves no purpose from now on */
  352. app_del(cid);
  353. }
  354. }
  355. else {
  356. srv_debug(1, xs_fmt("oauth revoke: invalid or unset arguments"));
  357. status = 403;
  358. }
  359. }
  360. if (strcmp(cmd, "/x-snac-get-token") == 0) { /** **/
  361. const char *login = xs_dict_get(args, "login");
  362. const char *passwd = xs_dict_get(args, "passwd");
  363. const char *host = xs_dict_get(srv_config, "host");
  364. const char *proto = xs_dict_get_def(srv_config, "protocol", "https");
  365. /* by default, generate another login form with an error */
  366. *body = xs_fmt(login_page, host, host, "LOGIN INCORRECT", proto, host, "oauth/x-snac-get-token",
  367. "", "", "", USER_AGENT);
  368. *ctype = "text/html";
  369. status = 200;
  370. if (login && passwd) {
  371. snac user;
  372. if (user_open(&user, login)) {
  373. /* check the login + password */
  374. if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) {
  375. /* success! create a new token */
  376. xs *tokid = random_str();
  377. srv_debug(1, xs_fmt("x-snac-new-token: "
  378. "successful login for %s, new token %s", login, tokid));
  379. xs *token = xs_dict_new();
  380. token = xs_dict_append(token, "token", tokid);
  381. token = xs_dict_append(token, "client_id", "snac-client");
  382. token = xs_dict_append(token, "client_secret", "");
  383. token = xs_dict_append(token, "uid", login);
  384. token = xs_dict_append(token, "code", "");
  385. token_add(tokid, token);
  386. *ctype = "text/plain";
  387. xs_free(*body);
  388. *body = xs_dup(tokid);
  389. }
  390. user_free(&user);
  391. }
  392. }
  393. }
  394. return status;
  395. }
  396. xs_str *mastoapi_id(const xs_dict *msg)
  397. /* returns a somewhat Mastodon-compatible status id */
  398. {
  399. const char *id = xs_dict_get(msg, "id");
  400. xs *md5 = xs_md5_hex(id, strlen(id));
  401. return xs_fmt("%10.0f%s", object_ctime_by_md5(md5), md5);
  402. }
  403. #define MID_TO_MD5(id) (id + 10)
  404. xs_dict *mastoapi_account(const xs_dict *actor)
  405. /* converts an ActivityPub actor to a Mastodon account */
  406. {
  407. const char *id = xs_dict_get(actor, "id");
  408. const char *pub = xs_dict_get(actor, "published");
  409. if (xs_type(id) != XSTYPE_STRING)
  410. return NULL;
  411. const char *prefu = xs_dict_get(actor, "preferredUsername");
  412. const char *display_name = xs_dict_get(actor, "name");
  413. if (xs_is_null(display_name) || *display_name == '\0')
  414. display_name = prefu;
  415. xs_dict *acct = xs_dict_new();
  416. xs *acct_md5 = xs_md5_hex(id, strlen(id));
  417. acct = xs_dict_append(acct, "id", acct_md5);
  418. acct = xs_dict_append(acct, "username", prefu);
  419. acct = xs_dict_append(acct, "display_name", display_name);
  420. acct = xs_dict_append(acct, "discoverable", xs_stock(XSTYPE_TRUE));
  421. acct = xs_dict_append(acct, "group", xs_stock(XSTYPE_FALSE));
  422. acct = xs_dict_append(acct, "hide_collections", xs_stock(XSTYPE_FALSE));
  423. acct = xs_dict_append(acct, "indexable", xs_stock(XSTYPE_TRUE));
  424. acct = xs_dict_append(acct, "noindex", xs_stock(XSTYPE_FALSE));
  425. acct = xs_dict_append(acct, "roles", xs_stock(XSTYPE_LIST));
  426. {
  427. /* create the acct field as user@host */
  428. xs *l = xs_split(id, "/");
  429. xs *fquid = xs_fmt("%s@%s", prefu, xs_list_get(l, 2));
  430. acct = xs_dict_append(acct, "acct", fquid);
  431. }
  432. if (pub)
  433. acct = xs_dict_append(acct, "created_at", pub);
  434. else {
  435. /* unset created_at crashes Tusky, so lie like a mf */
  436. xs *date = xs_str_utctime(0, ISO_DATE_SPEC);
  437. acct = xs_dict_append(acct, "created_at", date);
  438. }
  439. xs *last_status_at = xs_str_utctime(0, "%Y-%m-%d");
  440. acct = xs_dict_append(acct, "last_status_at", last_status_at);
  441. const char *note = xs_dict_get(actor, "summary");
  442. if (xs_is_null(note))
  443. note = "";
  444. if (strcmp(xs_dict_get(actor, "type"), "Service") == 0)
  445. acct = xs_dict_append(acct, "bot", xs_stock(XSTYPE_TRUE));
  446. else
  447. acct = xs_dict_append(acct, "bot", xs_stock(XSTYPE_FALSE));
  448. acct = xs_dict_append(acct, "note", note);
  449. acct = xs_dict_append(acct, "url", id);
  450. acct = xs_dict_append(acct, "uri", id);
  451. xs *avatar = NULL;
  452. const xs_dict *av = xs_dict_get(actor, "icon");
  453. if (xs_type(av) == XSTYPE_DICT) {
  454. const char *url = xs_dict_get(av, "url");
  455. if (url != NULL)
  456. avatar = xs_dup(url);
  457. }
  458. if (avatar == NULL)
  459. avatar = xs_fmt("%s/susie.png", srv_baseurl);
  460. acct = xs_dict_append(acct, "avatar", avatar);
  461. acct = xs_dict_append(acct, "avatar_static", avatar);
  462. xs *header = NULL;
  463. const xs_dict *hd = xs_dict_get(actor, "image");
  464. if (xs_type(hd) == XSTYPE_DICT)
  465. header = xs_dup(xs_dict_get(hd, "url"));
  466. if (xs_is_null(header))
  467. header = xs_fmt("%s/header.png", srv_baseurl);
  468. acct = xs_dict_append(acct, "header", header);
  469. acct = xs_dict_append(acct, "header_static", header);
  470. /* emojis */
  471. const xs_list *p;
  472. if (!xs_is_null(p = xs_dict_get(actor, "tag"))) {
  473. xs *eml = xs_list_new();
  474. xs_dict *v;
  475. int c = 0;
  476. while (xs_list_next(p, &v, &c)) {
  477. const char *type = xs_dict_get(v, "type");
  478. if (!xs_is_null(type) && strcmp(type, "Emoji") == 0) {
  479. const char *name = xs_dict_get(v, "name");
  480. const xs_dict *icon = xs_dict_get(v, "icon");
  481. if (!xs_is_null(name) && !xs_is_null(icon)) {
  482. const char *url = xs_dict_get(icon, "url");
  483. if (!xs_is_null(url)) {
  484. xs *nm = xs_strip_chars_i(xs_dup(name), ":");
  485. xs *d1 = xs_dict_new();
  486. d1 = xs_dict_append(d1, "shortcode", nm);
  487. d1 = xs_dict_append(d1, "url", url);
  488. d1 = xs_dict_append(d1, "static_url", url);
  489. d1 = xs_dict_append(d1, "visible_in_picker", xs_stock(XSTYPE_TRUE));
  490. eml = xs_list_append(eml, d1);
  491. }
  492. }
  493. }
  494. }
  495. acct = xs_dict_append(acct, "emojis", eml);
  496. }
  497. acct = xs_dict_append(acct, "locked", xs_stock(XSTYPE_FALSE));
  498. acct = xs_dict_append(acct, "followers_count", xs_stock(0));
  499. acct = xs_dict_append(acct, "following_count", xs_stock(0));
  500. acct = xs_dict_append(acct, "statuses_count", xs_stock(0));
  501. xs *fields = xs_list_new();
  502. p = xs_dict_get(actor, "attachment");
  503. xs_dict *v;
  504. /* dict of validated links */
  505. xs_dict *val_links = NULL;
  506. const xs_dict *metadata = xs_stock(XSTYPE_DICT);
  507. snac user = {0};
  508. if (xs_startswith(id, srv_baseurl)) {
  509. /* if it's a local user, open it and pick its validated links */
  510. if (user_open(&user, prefu)) {
  511. val_links = user.links;
  512. metadata = xs_dict_get_def(user.config, "metadata", xs_stock(XSTYPE_DICT));
  513. }
  514. }
  515. if (xs_is_null(val_links))
  516. val_links = xs_stock(XSTYPE_DICT);
  517. int c = 0;
  518. while (xs_list_next(p, &v, &c)) {
  519. const char *type = xs_dict_get(v, "type");
  520. const char *name = xs_dict_get(v, "name");
  521. const char *value = xs_dict_get(v, "value");
  522. if (!xs_is_null(type) && !xs_is_null(name) &&
  523. !xs_is_null(value) && strcmp(type, "PropertyValue") == 0) {
  524. xs *val_date = NULL;
  525. const char *url = xs_dict_get(metadata, name);
  526. if (!xs_is_null(url) && xs_startswith(url, "https:/" "/")) {
  527. const xs_number *verified_time = xs_dict_get(val_links, url);
  528. if (xs_type(verified_time) == XSTYPE_NUMBER) {
  529. time_t t = xs_number_get(verified_time);
  530. if (t > 0)
  531. val_date = xs_str_utctime(t, ISO_DATE_SPEC);
  532. }
  533. }
  534. xs *d = xs_dict_new();
  535. d = xs_dict_append(d, "name", name);
  536. d = xs_dict_append(d, "value", value);
  537. d = xs_dict_append(d, "verified_at",
  538. xs_type(val_date) == XSTYPE_STRING && *val_date ?
  539. val_date : xs_stock(XSTYPE_NULL));
  540. fields = xs_list_append(fields, d);
  541. }
  542. }
  543. user_free(&user);
  544. acct = xs_dict_append(acct, "fields", fields);
  545. return acct;
  546. }
  547. xs_str *mastoapi_date(const char *date)
  548. /* converts an ISO 8601 date to whatever format Mastodon uses */
  549. {
  550. xs_str *s = xs_crop_i(xs_dup(date), 0, 19);
  551. s = xs_str_cat(s, ".000Z");
  552. return s;
  553. }
  554. xs_dict *mastoapi_poll(snac *snac, const xs_dict *msg)
  555. /* creates a mastoapi Poll object */
  556. {
  557. xs_dict *poll = xs_dict_new();
  558. xs *mid = mastoapi_id(msg);
  559. const xs_list *opts = NULL;
  560. xs_val *v;
  561. int num_votes = 0;
  562. xs *options = xs_list_new();
  563. poll = xs_dict_append(poll, "id", mid);
  564. const char *date = xs_dict_get(msg, "endTime");
  565. if (date == NULL)
  566. date = xs_dict_get(msg, "closed");
  567. if (date == NULL)
  568. return NULL;
  569. xs *fd = mastoapi_date(date);
  570. poll = xs_dict_append(poll, "expires_at", fd);
  571. date = xs_dict_get(msg, "closed");
  572. time_t t = 0;
  573. if (date != NULL)
  574. t = xs_parse_iso_date(date, 0);
  575. poll = xs_dict_append(poll, "expired",
  576. t < time(NULL) ? xs_stock(XSTYPE_FALSE) : xs_stock(XSTYPE_TRUE));
  577. if ((opts = xs_dict_get(msg, "oneOf")) != NULL)
  578. poll = xs_dict_append(poll, "multiple", xs_stock(XSTYPE_FALSE));
  579. else {
  580. opts = xs_dict_get(msg, "anyOf");
  581. poll = xs_dict_append(poll, "multiple", xs_stock(XSTYPE_TRUE));
  582. }
  583. int c = 0;
  584. while (xs_list_next(opts, &v, &c)) {
  585. const char *title = xs_dict_get(v, "name");
  586. const char *replies = xs_dict_get(v, "replies");
  587. if (title && replies) {
  588. const char *votes_count = xs_dict_get(replies, "totalItems");
  589. if (xs_type(votes_count) == XSTYPE_NUMBER) {
  590. xs *d = xs_dict_new();
  591. d = xs_dict_append(d, "title", title);
  592. d = xs_dict_append(d, "votes_count", votes_count);
  593. options = xs_list_append(options, d);
  594. num_votes += xs_number_get(votes_count);
  595. }
  596. }
  597. }
  598. poll = xs_dict_append(poll, "options", options);
  599. xs *vc = xs_number_new(num_votes);
  600. poll = xs_dict_append(poll, "votes_count", vc);
  601. poll = xs_dict_append(poll, "voted",
  602. (snac && was_question_voted(snac, xs_dict_get(msg, "id"))) ?
  603. xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  604. return poll;
  605. }
  606. xs_dict *mastoapi_status(snac *snac, const xs_dict *msg)
  607. /* converts an ActivityPub note to a Mastodon status */
  608. {
  609. xs *actor = NULL;
  610. actor_get_refresh(snac, get_atto(msg), &actor);
  611. /* if the author is not here, discard */
  612. if (actor == NULL)
  613. return NULL;
  614. const char *type = xs_dict_get(msg, "type");
  615. const char *id = xs_dict_get(msg, "id");
  616. /* fail if it's not a valid actor */
  617. if (xs_is_null(type) || xs_is_null(id))
  618. return NULL;
  619. xs *acct = mastoapi_account(actor);
  620. if (acct == NULL)
  621. return NULL;
  622. xs *idx = NULL;
  623. xs *ixc = NULL;
  624. const char *tmp;
  625. xs *mid = mastoapi_id(msg);
  626. xs_dict *st = xs_dict_new();
  627. st = xs_dict_append(st, "id", mid);
  628. st = xs_dict_append(st, "uri", id);
  629. st = xs_dict_append(st, "url", id);
  630. st = xs_dict_append(st, "account", acct);
  631. xs *fd = mastoapi_date(xs_dict_get(msg, "published"));
  632. st = xs_dict_append(st, "created_at", fd);
  633. {
  634. const char *content = xs_dict_get(msg, "content");
  635. const char *name = xs_dict_get(msg, "name");
  636. xs *s1 = NULL;
  637. if (name && content)
  638. s1 = xs_fmt("%s<br><br>%s", name, content);
  639. else
  640. if (name)
  641. s1 = xs_dup(name);
  642. else
  643. if (content)
  644. s1 = xs_dup(content);
  645. else
  646. s1 = xs_str_new(NULL);
  647. st = xs_dict_append(st, "content", s1);
  648. }
  649. st = xs_dict_append(st, "visibility",
  650. is_msg_public(msg) ? "public" : "private");
  651. tmp = xs_dict_get(msg, "sensitive");
  652. if (xs_is_null(tmp))
  653. tmp = xs_stock(XSTYPE_FALSE);
  654. st = xs_dict_append(st, "sensitive", tmp);
  655. tmp = xs_dict_get(msg, "summary");
  656. if (xs_is_null(tmp))
  657. tmp = "";
  658. st = xs_dict_append(st, "spoiler_text", tmp);
  659. /* create the list of attachments */
  660. xs *attach = get_attachments(msg);
  661. {
  662. xs_list *p = attach;
  663. xs_dict *v;
  664. xs *matt = xs_list_new();
  665. while (xs_list_iter(&p, &v)) {
  666. const char *type = xs_dict_get(v, "type");
  667. const char *href = xs_dict_get(v, "href");
  668. const char *name = xs_dict_get(v, "name");
  669. if (xs_match(type, "image/*|video/*|Image|Video")) { /* */
  670. xs *matteid = xs_fmt("%s_%d", id, xs_list_len(matt));
  671. xs *d = xs_dict_new();
  672. d = xs_dict_append(d, "id", matteid);
  673. d = xs_dict_append(d, "url", href);
  674. d = xs_dict_append(d, "preview_url", href);
  675. d = xs_dict_append(d, "remote_url", href);
  676. d = xs_dict_append(d, "description", name);
  677. d = xs_dict_append(d, "type", (*type == 'v' || *type == 'V') ? "video" : "image");
  678. matt = xs_list_append(matt, d);
  679. }
  680. }
  681. st = xs_dict_append(st, "media_attachments", matt);
  682. }
  683. {
  684. xs *ml = xs_list_new();
  685. xs *htl = xs_list_new();
  686. xs *eml = xs_list_new();
  687. const xs_list *tag = xs_dict_get(msg, "tag");
  688. int n = 0;
  689. xs *tag_list = NULL;
  690. if (xs_type(tag) == XSTYPE_DICT) {
  691. tag_list = xs_list_new();
  692. tag_list = xs_list_append(tag_list, tag);
  693. }
  694. else
  695. if (xs_type(tag) == XSTYPE_LIST)
  696. tag_list = xs_dup(tag);
  697. else
  698. tag_list = xs_list_new();
  699. tag = tag_list;
  700. xs_dict *v;
  701. int c = 0;
  702. while (xs_list_next(tag, &v, &c)) {
  703. const char *type = xs_dict_get(v, "type");
  704. if (xs_is_null(type))
  705. continue;
  706. xs *d1 = xs_dict_new();
  707. if (strcmp(type, "Mention") == 0) {
  708. const char *name = xs_dict_get(v, "name");
  709. const char *href = xs_dict_get(v, "href");
  710. if (!xs_is_null(name) && !xs_is_null(href) &&
  711. (snac == NULL || strcmp(href, snac->actor) != 0)) {
  712. xs *nm = xs_strip_chars_i(xs_dup(name), "@");
  713. xs *id = xs_fmt("%d", n++);
  714. d1 = xs_dict_append(d1, "id", id);
  715. d1 = xs_dict_append(d1, "username", nm);
  716. d1 = xs_dict_append(d1, "acct", nm);
  717. d1 = xs_dict_append(d1, "url", href);
  718. ml = xs_list_append(ml, d1);
  719. }
  720. }
  721. else
  722. if (strcmp(type, "Hashtag") == 0) {
  723. const char *name = xs_dict_get(v, "name");
  724. const char *href = xs_dict_get(v, "href");
  725. if (!xs_is_null(name) && !xs_is_null(href)) {
  726. xs *nm = xs_strip_chars_i(xs_dup(name), "#");
  727. d1 = xs_dict_append(d1, "name", nm);
  728. d1 = xs_dict_append(d1, "url", href);
  729. htl = xs_list_append(htl, d1);
  730. }
  731. }
  732. else
  733. if (strcmp(type, "Emoji") == 0) {
  734. const char *name = xs_dict_get(v, "name");
  735. const xs_dict *icon = xs_dict_get(v, "icon");
  736. if (!xs_is_null(name) && !xs_is_null(icon)) {
  737. const char *url = xs_dict_get(icon, "url");
  738. if (!xs_is_null(url)) {
  739. xs *nm = xs_strip_chars_i(xs_dup(name), ":");
  740. d1 = xs_dict_append(d1, "shortcode", nm);
  741. d1 = xs_dict_append(d1, "url", url);
  742. d1 = xs_dict_append(d1, "static_url", url);
  743. d1 = xs_dict_append(d1, "visible_in_picker", xs_stock(XSTYPE_TRUE));
  744. d1 = xs_dict_append(d1, "category", "Emojis");
  745. eml = xs_list_append(eml, d1);
  746. }
  747. }
  748. }
  749. }
  750. st = xs_dict_append(st, "mentions", ml);
  751. st = xs_dict_append(st, "tags", htl);
  752. st = xs_dict_append(st, "emojis", eml);
  753. }
  754. xs_free(idx);
  755. xs_free(ixc);
  756. idx = object_likes(id);
  757. ixc = xs_number_new(xs_list_len(idx));
  758. st = xs_dict_append(st, "favourites_count", ixc);
  759. st = xs_dict_append(st, "favourited",
  760. (snac && xs_list_in(idx, snac->md5) != -1) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  761. xs_free(idx);
  762. xs_free(ixc);
  763. idx = object_announces(id);
  764. ixc = xs_number_new(xs_list_len(idx));
  765. st = xs_dict_append(st, "reblogs_count", ixc);
  766. st = xs_dict_append(st, "reblogged",
  767. (snac && xs_list_in(idx, snac->md5) != -1) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  768. /* get the last person who boosted this */
  769. xs *boosted_by_md5 = NULL;
  770. if (xs_list_len(idx))
  771. boosted_by_md5 = xs_dup(xs_list_get(idx, -1));
  772. xs_free(idx);
  773. xs_free(ixc);
  774. idx = object_children(id);
  775. ixc = xs_number_new(xs_list_len(idx));
  776. st = xs_dict_append(st, "replies_count", ixc);
  777. /* default in_reply_to values */
  778. st = xs_dict_append(st, "in_reply_to_id", xs_stock(XSTYPE_NULL));
  779. st = xs_dict_append(st, "in_reply_to_account_id", xs_stock(XSTYPE_NULL));
  780. tmp = xs_dict_get(msg, "inReplyTo");
  781. if (!xs_is_null(tmp)) {
  782. xs *irto = NULL;
  783. if (valid_status(object_get(tmp, &irto))) {
  784. xs *irt_mid = mastoapi_id(irto);
  785. st = xs_dict_set(st, "in_reply_to_id", irt_mid);
  786. const char *at = NULL;
  787. if (!xs_is_null(at = get_atto(irto))) {
  788. xs *at_md5 = xs_md5_hex(at, strlen(at));
  789. st = xs_dict_set(st, "in_reply_to_account_id", at_md5);
  790. }
  791. }
  792. }
  793. st = xs_dict_append(st, "reblog", xs_stock(XSTYPE_NULL));
  794. st = xs_dict_append(st, "card", xs_stock(XSTYPE_NULL));
  795. st = xs_dict_append(st, "language", "en");
  796. st = xs_dict_append(st, "filtered", xs_stock(XSTYPE_LIST));
  797. st = xs_dict_append(st, "muted", xs_stock(XSTYPE_FALSE));
  798. tmp = xs_dict_get(msg, "sourceContent");
  799. if (xs_is_null(tmp))
  800. tmp = "";
  801. st = xs_dict_append(st, "text", tmp);
  802. tmp = xs_dict_get(msg, "updated");
  803. xs *fd2 = NULL;
  804. if (xs_is_null(tmp))
  805. tmp = xs_stock(XSTYPE_NULL);
  806. else {
  807. fd2 = mastoapi_date(tmp);
  808. tmp = fd2;
  809. }
  810. st = xs_dict_append(st, "edited_at", tmp);
  811. if (strcmp(type, "Question") == 0) {
  812. xs *poll = mastoapi_poll(snac, msg);
  813. st = xs_dict_append(st, "poll", poll);
  814. }
  815. else
  816. st = xs_dict_append(st, "poll", xs_stock(XSTYPE_NULL));
  817. st = xs_dict_append(st, "bookmarked", xs_stock(XSTYPE_FALSE));
  818. st = xs_dict_append(st, "pinned",
  819. (snac && is_pinned(snac, id)) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  820. /* is it a boost? */
  821. if (!xs_is_null(boosted_by_md5)) {
  822. /* create a new dummy status, using st as the 'reblog' field */
  823. xs_dict *bst = xs_dup(st);
  824. xs *b_actor = NULL;
  825. if (valid_status(object_get_by_md5(boosted_by_md5, &b_actor))) {
  826. xs *b_acct = mastoapi_account(b_actor);
  827. xs *fake_uri = NULL;
  828. if (snac)
  829. fake_uri = xs_fmt("%s/d/%s/Announce", snac->actor, mid);
  830. else
  831. fake_uri = xs_fmt("%s#%s", srv_baseurl, mid);
  832. bst = xs_dict_set(bst, "uri", fake_uri);
  833. bst = xs_dict_set(bst, "url", fake_uri);
  834. bst = xs_dict_set(bst, "account", b_acct);
  835. bst = xs_dict_set(bst, "content", "");
  836. bst = xs_dict_set(bst, "reblog", st);
  837. xs_free(st);
  838. st = bst;
  839. }
  840. }
  841. return st;
  842. }
  843. xs_dict *mastoapi_relationship(snac *snac, const char *md5)
  844. {
  845. xs_dict *rel = NULL;
  846. xs *actor_o = NULL;
  847. if (valid_status(object_get_by_md5(md5, &actor_o))) {
  848. rel = xs_dict_new();
  849. const char *actor = xs_dict_get(actor_o, "id");
  850. rel = xs_dict_append(rel, "id", md5);
  851. rel = xs_dict_append(rel, "following",
  852. following_check(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  853. rel = xs_dict_append(rel, "showing_reblogs", xs_stock(XSTYPE_TRUE));
  854. rel = xs_dict_append(rel, "notifying", xs_stock(XSTYPE_FALSE));
  855. rel = xs_dict_append(rel, "followed_by",
  856. follower_check(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  857. rel = xs_dict_append(rel, "blocking",
  858. is_muted(snac, actor) ? xs_stock(XSTYPE_TRUE) : xs_stock(XSTYPE_FALSE));
  859. rel = xs_dict_append(rel, "muting", xs_stock(XSTYPE_FALSE));
  860. rel = xs_dict_append(rel, "muting_notifications", xs_stock(XSTYPE_FALSE));
  861. rel = xs_dict_append(rel, "requested", xs_stock(XSTYPE_FALSE));
  862. rel = xs_dict_append(rel, "domain_blocking", xs_stock(XSTYPE_FALSE));
  863. rel = xs_dict_append(rel, "endorsed", xs_stock(XSTYPE_FALSE));
  864. rel = xs_dict_append(rel, "note", "");
  865. }
  866. return rel;
  867. }
  868. int process_auth_token(snac *snac, const xs_dict *req)
  869. /* processes an authorization token, if there is one */
  870. {
  871. int logged_in = 0;
  872. const char *v;
  873. /* if there is an authorization field, try to validate it */
  874. if (!xs_is_null(v = xs_dict_get(req, "authorization")) && xs_startswith(v, "Bearer ")) {
  875. xs *tokid = xs_replace_n(v, "Bearer ", "", 1);
  876. xs *token = token_get(tokid);
  877. if (token != NULL) {
  878. const char *uid = xs_dict_get(token, "uid");
  879. if (!xs_is_null(uid) && user_open(snac, uid)) {
  880. logged_in = 1;
  881. /* this counts as a 'login' */
  882. lastlog_write(snac, "mastoapi");
  883. srv_debug(2, xs_fmt("mastoapi auth: valid token for user '%s'", uid));
  884. }
  885. else
  886. srv_log(xs_fmt("mastoapi auth: corrupted token '%s'", tokid));
  887. }
  888. else
  889. srv_log(xs_fmt("mastoapi auth: invalid token '%s'", tokid));
  890. }
  891. return logged_in;
  892. }
  893. int mastoapi_get_handler(const xs_dict *req, const char *q_path,
  894. char **body, int *b_size, char **ctype)
  895. {
  896. (void)b_size;
  897. if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
  898. return 0;
  899. int status = 404;
  900. const xs_dict *args = xs_dict_get(req, "q_vars");
  901. xs *cmd = xs_replace_n(q_path, "/api", "", 1);
  902. snac snac1 = {0};
  903. int logged_in = process_auth_token(&snac1, req);
  904. if (strcmp(cmd, "/v1/accounts/verify_credentials") == 0) { /** **/
  905. if (logged_in) {
  906. xs *acct = xs_dict_new();
  907. acct = xs_dict_append(acct, "id", snac1.md5);
  908. acct = xs_dict_append(acct, "username", xs_dict_get(snac1.config, "uid"));
  909. acct = xs_dict_append(acct, "acct", xs_dict_get(snac1.config, "uid"));
  910. acct = xs_dict_append(acct, "display_name", xs_dict_get(snac1.config, "name"));
  911. acct = xs_dict_append(acct, "created_at", xs_dict_get(snac1.config, "published"));
  912. acct = xs_dict_append(acct, "last_status_at", xs_dict_get(snac1.config, "published"));
  913. acct = xs_dict_append(acct, "note", xs_dict_get(snac1.config, "bio"));
  914. acct = xs_dict_append(acct, "url", snac1.actor);
  915. acct = xs_dict_append(acct, "locked", xs_stock(XSTYPE_FALSE));
  916. acct = xs_dict_append(acct, "bot", xs_dict_get(snac1.config, "bot"));
  917. xs *src = xs_json_loads("{\"privacy\":\"public\","
  918. "\"sensitive\":false,\"fields\":[],\"note\":\"\"}");
  919. acct = xs_dict_append(acct, "source", src);
  920. xs *avatar = NULL;
  921. const char *av = xs_dict_get(snac1.config, "avatar");
  922. if (xs_is_null(av) || *av == '\0')
  923. avatar = xs_fmt("%s/susie.png", srv_baseurl);
  924. else
  925. avatar = xs_dup(av);
  926. acct = xs_dict_append(acct, "avatar", avatar);
  927. acct = xs_dict_append(acct, "avatar_static", avatar);
  928. xs *header = NULL;
  929. const char *hd = xs_dict_get(snac1.config, "header");
  930. if (!xs_is_null(hd))
  931. header = xs_dup(hd);
  932. else
  933. header = xs_fmt("%s/header.png", srv_baseurl);
  934. acct = xs_dict_append(acct, "header", header);
  935. acct = xs_dict_append(acct, "header_static", header);
  936. const xs_dict *metadata = xs_dict_get(snac1.config, "metadata");
  937. if (xs_type(metadata) == XSTYPE_DICT) {
  938. xs *fields = xs_list_new();
  939. xs_str *k;
  940. xs_str *v;
  941. xs_dict *val_links = snac1.links;
  942. if (xs_is_null(val_links))
  943. val_links = xs_stock(XSTYPE_DICT);
  944. int c = 0;
  945. while (xs_dict_next(metadata, &k, &v, &c)) {
  946. xs *val_date = NULL;
  947. const xs_number *verified_time = xs_dict_get(val_links, v);
  948. if (xs_type(verified_time) == XSTYPE_NUMBER) {
  949. time_t t = xs_number_get(verified_time);
  950. if (t > 0)
  951. val_date = xs_str_utctime(t, ISO_DATE_SPEC);
  952. }
  953. xs *d = xs_dict_new();
  954. d = xs_dict_append(d, "name", k);
  955. d = xs_dict_append(d, "value", v);
  956. d = xs_dict_append(d, "verified_at",
  957. xs_type(val_date) == XSTYPE_STRING && *val_date ?
  958. val_date : xs_stock(XSTYPE_NULL));
  959. fields = xs_list_append(fields, d);
  960. }
  961. acct = xs_dict_set(acct, "fields", fields);
  962. }
  963. acct = xs_dict_append(acct, "followers_count", xs_stock(0));
  964. acct = xs_dict_append(acct, "following_count", xs_stock(0));
  965. acct = xs_dict_append(acct, "statuses_count", xs_stock(0));
  966. *body = xs_json_dumps(acct, 4);
  967. *ctype = "application/json";
  968. status = 200;
  969. }
  970. else {
  971. status = 422; // "Unprocessable entity" (no login)
  972. }
  973. }
  974. else
  975. if (strcmp(cmd, "/v1/accounts/relationships") == 0) { /** **/
  976. /* find if an account is followed, blocked, etc. */
  977. /* the account to get relationships about is in args "id[]" */
  978. if (logged_in) {
  979. xs *res = xs_list_new();
  980. const char *md5 = xs_dict_get(args, "id[]");
  981. if (xs_is_null(md5))
  982. md5 = xs_dict_get(args, "id");
  983. if (!xs_is_null(md5)) {
  984. if (xs_type(md5) == XSTYPE_LIST)
  985. md5 = xs_list_get(md5, 0);
  986. xs *rel = mastoapi_relationship(&snac1, md5);
  987. if (rel != NULL)
  988. res = xs_list_append(res, rel);
  989. }
  990. *body = xs_json_dumps(res, 4);
  991. *ctype = "application/json";
  992. status = 200;
  993. }
  994. else
  995. status = 422;
  996. }
  997. else
  998. if (strcmp(cmd, "/v1/accounts/lookup") == 0) { /** **/
  999. /* lookup an account */
  1000. const char *acct = xs_dict_get(args, "acct");
  1001. if (!xs_is_null(acct)) {
  1002. xs *s = xs_strip_chars_i(xs_dup(acct), "@");
  1003. xs *l = xs_split_n(s, "@", 1);
  1004. const char *uid = xs_list_get(l, 0);
  1005. const char *host = xs_list_get(l, 1);
  1006. if (uid && (!host || strcmp(host, xs_dict_get(srv_config, "host")) == 0)) {
  1007. snac user;
  1008. if (user_open(&user, uid)) {
  1009. xs *actor = msg_actor(&user);
  1010. xs *macct = mastoapi_account(actor);
  1011. *body = xs_json_dumps(macct, 4);
  1012. *ctype = "application/json";
  1013. status = 200;
  1014. user_free(&user);
  1015. }
  1016. }
  1017. }
  1018. }
  1019. else
  1020. if (xs_startswith(cmd, "/v1/accounts/")) { /** **/
  1021. /* account-related information */
  1022. xs *l = xs_split(cmd, "/");
  1023. const char *uid = xs_list_get(l, 3);
  1024. const char *opt = xs_list_get(l, 4);
  1025. if (uid != NULL) {
  1026. snac snac2;
  1027. xs *out = NULL;
  1028. xs *actor = NULL;
  1029. if (logged_in && strcmp(uid, "search") == 0) { /** **/
  1030. /* search for accounts starting with q */
  1031. const char *aq = xs_dict_get(args, "q");
  1032. if (!xs_is_null(aq)) {
  1033. xs *q = xs_tolower_i(xs_dup(aq));
  1034. out = xs_list_new();
  1035. xs *wing = following_list(&snac1);
  1036. xs *wers = follower_list(&snac1);
  1037. xs *ulst = user_list();
  1038. xs_list *p;
  1039. xs_str *v;
  1040. xs_set seen;
  1041. xs_set_init(&seen);
  1042. /* user relations */
  1043. xs_list *lsts[] = { wing, wers, NULL };
  1044. int n;
  1045. for (n = 0; (p = lsts[n]) != NULL; n++) {
  1046. while (xs_list_iter(&p, &v)) {
  1047. /* already seen? skip */
  1048. if (xs_set_add(&seen, v) == 0)
  1049. continue;
  1050. xs *actor = NULL;
  1051. if (valid_status(object_get(v, &actor))) {
  1052. const char *uname = xs_dict_get(actor, "preferredUsername");
  1053. if (!xs_is_null(uname)) {
  1054. xs *luname = xs_tolower_i(xs_dup(uname));
  1055. if (xs_startswith(luname, q)) {
  1056. xs *acct = mastoapi_account(actor);
  1057. out = xs_list_append(out, acct);
  1058. }
  1059. }
  1060. }
  1061. }
  1062. }
  1063. /* local users */
  1064. p = ulst;
  1065. while (xs_list_iter(&p, &v)) {
  1066. snac user;
  1067. /* skip this same user */
  1068. if (strcmp(v, xs_dict_get(snac1.config, "uid")) == 0)
  1069. continue;
  1070. /* skip if the uid does not start with the query */
  1071. xs *v2 = xs_tolower_i(xs_dup(v));
  1072. if (!xs_startswith(v2, q))
  1073. continue;
  1074. if (user_open(&user, v)) {
  1075. /* if it's not already seen, add it */
  1076. if (xs_set_add(&seen, user.actor) == 1) {
  1077. xs *actor = msg_actor(&user);
  1078. xs *acct = mastoapi_account(actor);
  1079. out = xs_list_append(out, acct);
  1080. }
  1081. user_free(&user);
  1082. }
  1083. }
  1084. xs_set_free(&seen);
  1085. }
  1086. }
  1087. else
  1088. /* is it a local user? */
  1089. if (user_open(&snac2, uid) || user_open_by_md5(&snac2, uid)) {
  1090. if (opt == NULL) {
  1091. /* account information */
  1092. actor = msg_actor(&snac2);
  1093. out = mastoapi_account(actor);
  1094. }
  1095. else
  1096. if (strcmp(opt, "statuses") == 0) { /** **/
  1097. /* the public list of posts of a user */
  1098. xs *timeline = timeline_simple_list(&snac2, "public", 0, 256);
  1099. xs_list *p = timeline;
  1100. xs_str *v;
  1101. out = xs_list_new();
  1102. while (xs_list_iter(&p, &v)) {
  1103. xs *msg = NULL;
  1104. if (valid_status(timeline_get_by_md5(&snac2, v, &msg))) {
  1105. /* add only posts by the author */
  1106. if (strcmp(xs_dict_get(msg, "type"), "Note") == 0 &&
  1107. xs_startswith(xs_dict_get(msg, "id"), snac2.actor)) {
  1108. xs *st = mastoapi_status(&snac2, msg);
  1109. if (st)
  1110. out = xs_list_append(out, st);
  1111. }
  1112. }
  1113. }
  1114. }
  1115. user_free(&snac2);
  1116. }
  1117. else {
  1118. /* try the uid as the md5 of a possibly loaded actor */
  1119. if (logged_in && valid_status(object_get_by_md5(uid, &actor))) {
  1120. if (opt == NULL) {
  1121. /* account information */
  1122. out = mastoapi_account(actor);
  1123. }
  1124. else
  1125. if (strcmp(opt, "statuses") == 0) {
  1126. /* we don't serve statuses of others; return the empty list */
  1127. out = xs_list_new();
  1128. }
  1129. }
  1130. }
  1131. if (out != NULL) {
  1132. *body = xs_json_dumps(out, 4);
  1133. *ctype = "application/json";
  1134. status = 200;
  1135. }
  1136. }
  1137. }
  1138. else
  1139. if (strcmp(cmd, "/v1/timelines/home") == 0) { /** **/
  1140. /* the private timeline */
  1141. if (logged_in) {
  1142. const char *max_id = xs_dict_get(args, "max_id");
  1143. const char *since_id = xs_dict_get(args, "since_id");
  1144. const char *min_id = xs_dict_get(args, "min_id");
  1145. const char *limit_s = xs_dict_get(args, "limit");
  1146. int limit = 0;
  1147. int cnt = 0;
  1148. if (!xs_is_null(limit_s))
  1149. limit = atoi(limit_s);
  1150. if (limit == 0)
  1151. limit = 20;
  1152. xs *timeline = timeline_simple_list(&snac1, "private", 0, 2048);
  1153. xs *out = xs_list_new();
  1154. xs_list *p = timeline;
  1155. xs_str *v;
  1156. while (xs_list_iter(&p, &v) && cnt < limit) {
  1157. xs *msg = NULL;
  1158. /* only return entries older that max_id */
  1159. if (max_id) {
  1160. if (strcmp(v, MID_TO_MD5(max_id)) == 0)
  1161. max_id = NULL;
  1162. continue;
  1163. }
  1164. /* only returns entries newer than since_id */
  1165. if (since_id) {
  1166. if (strcmp(v, MID_TO_MD5(since_id)) == 0)
  1167. break;
  1168. }
  1169. /* only returns entries newer than min_id */
  1170. /* what does really "Return results immediately newer than ID" mean? */
  1171. if (min_id) {
  1172. if (strcmp(v, MID_TO_MD5(min_id)) == 0)
  1173. break;
  1174. }
  1175. /* get the entry */
  1176. if (!valid_status(timeline_get_by_md5(&snac1, v, &msg)))
  1177. continue;
  1178. /* discard non-Notes */
  1179. const char *id = xs_dict_get(msg, "id");
  1180. const char *type = xs_dict_get(msg, "type");
  1181. if (!xs_match(type, POSTLIKE_OBJECT_TYPE))
  1182. continue;
  1183. const char *from = NULL;
  1184. if (strcmp(type, "Page") == 0)
  1185. from = xs_dict_get(msg, "audience");
  1186. if (from == NULL)
  1187. from = get_atto(msg);
  1188. if (from == NULL)
  1189. continue;
  1190. /* is this message from a person we don't follow? */
  1191. if (strcmp(from, snac1.actor) && !following_check(&snac1, from)) {
  1192. /* discard if it was not boosted */
  1193. xs *idx = object_announces(id);
  1194. if (xs_list_len(idx) == 0)
  1195. continue;
  1196. }
  1197. /* discard notes from muted morons */
  1198. if (is_muted(&snac1, from))
  1199. continue;
  1200. /* discard hidden notes */
  1201. if (is_hidden(&snac1, id))
  1202. continue;
  1203. /* if it has a name and it's not a Page or a Video,
  1204. it's a poll vote, so discard it */
  1205. if (!xs_is_null(xs_dict_get(msg, "name")) && !xs_match(type, "Page|Video"))
  1206. continue;
  1207. /* convert the Note into a Mastodon status */
  1208. xs *st = mastoapi_status(&snac1, msg);
  1209. if (st != NULL)
  1210. out = xs_list_append(out, st);
  1211. cnt++;
  1212. }
  1213. *body = xs_json_dumps(out, 4);
  1214. *ctype = "application/json";
  1215. status = 200;
  1216. srv_debug(2, xs_fmt("mastoapi timeline: returned %d entries", xs_list_len(out)));
  1217. }
  1218. else {
  1219. status = 401; // unauthorized
  1220. }
  1221. }
  1222. else
  1223. if (strcmp(cmd, "/v1/timelines/public") == 0) { /** **/
  1224. /* the instance public timeline (public timelines for all users) */
  1225. const char *limit_s = xs_dict_get(args, "limit");
  1226. int limit = 0;
  1227. int cnt = 0;
  1228. if (!xs_is_null(limit_s))
  1229. limit = atoi(limit_s);
  1230. if (limit == 0)
  1231. limit = 20;
  1232. xs *timeline = timeline_instance_list(0, limit);
  1233. xs *out = xs_list_new();
  1234. xs_list *p = timeline;
  1235. xs_str *md5;
  1236. snac *user = NULL;
  1237. if (logged_in)
  1238. user = &snac1;
  1239. while (xs_list_iter(&p, &md5) && cnt < limit) {
  1240. xs *msg = NULL;
  1241. /* get the entry */
  1242. if (!valid_status(object_get_by_md5(md5, &msg)))
  1243. continue;
  1244. /* discard non-Notes */
  1245. const char *type = xs_dict_get(msg, "type");
  1246. if (strcmp(type, "Note") != 0 && strcmp(type, "Question") != 0)
  1247. continue;
  1248. /* discard messages from private users */
  1249. if (is_msg_from_private_user(msg))
  1250. continue;
  1251. /* convert the Note into a Mastodon status */
  1252. xs *st = mastoapi_status(user, msg);
  1253. if (st != NULL) {
  1254. out = xs_list_append(out, st);
  1255. cnt++;
  1256. }
  1257. }
  1258. *body = xs_json_dumps(out, 4);
  1259. *ctype = "application/json";
  1260. status = 200;
  1261. }
  1262. else
  1263. if (xs_startswith(cmd, "/v1/timelines/tag/")) { /** **/
  1264. const char *limit_s = xs_dict_get(args, "limit");
  1265. int limit = 0;
  1266. int cnt = 0;
  1267. if (!xs_is_null(limit_s))
  1268. limit = atoi(limit_s);
  1269. if (limit == 0)
  1270. limit = 20;
  1271. /* get the tag */
  1272. xs *l = xs_split(cmd, "/");
  1273. const char *tag = xs_list_get(l, -1);
  1274. xs *timeline = tag_search(tag, 0, limit);
  1275. xs *out = xs_list_new();
  1276. xs_list *p = timeline;
  1277. xs_str *md5;
  1278. while (xs_list_iter(&p, &md5) && cnt < limit) {
  1279. xs *msg = NULL;
  1280. /* get the entry */
  1281. if (!valid_status(object_get_by_md5(md5, &msg)))
  1282. continue;
  1283. /* skip non-public messages */
  1284. if (!is_msg_public(msg))
  1285. continue;
  1286. /* discard messages from private users */
  1287. if (is_msg_from_private_user(msg))
  1288. continue;
  1289. /* convert the Note into a Mastodon status */
  1290. xs *st = mastoapi_status(NULL, msg);
  1291. if (st != NULL) {
  1292. out = xs_list_append(out, st);
  1293. cnt++;
  1294. }
  1295. }
  1296. *body = xs_json_dumps(out, 4);
  1297. *ctype = "application/json";
  1298. status = 200;
  1299. }
  1300. else
  1301. if (xs_startswith(cmd, "/v1/timelines/list/")) { /** **/
  1302. /* get the list id */
  1303. if (logged_in) {
  1304. xs *l = xs_split(cmd, "/");
  1305. const char *list = xs_list_get(l, -1);
  1306. xs *timeline = list_timeline(&snac1, list, 0, 2048);
  1307. xs *out = xs_list_new();
  1308. int c = 0;
  1309. char *md5;
  1310. while (xs_list_next(timeline, &md5, &c)) {
  1311. xs *msg = NULL;
  1312. /* get the entry */
  1313. if (!valid_status(timeline_get_by_md5(&snac1, md5, &msg)))
  1314. continue;
  1315. /* discard non-Notes */
  1316. const char *id = xs_dict_get(msg, "id");
  1317. const char *type = xs_dict_get(msg, "type");
  1318. if (!xs_match(type, POSTLIKE_OBJECT_TYPE))
  1319. continue;
  1320. const char *from = NULL;
  1321. if (strcmp(type, "Page") == 0)
  1322. from = xs_dict_get(msg, "audience");
  1323. if (from == NULL)
  1324. from = get_atto(msg);
  1325. if (from == NULL)
  1326. continue;
  1327. /* is this message from a person we don't follow? */
  1328. if (strcmp(from, snac1.actor) && !following_check(&snac1, from)) {
  1329. /* discard if it was not boosted */
  1330. xs *idx = object_announces(id);
  1331. if (xs_list_len(idx) == 0)
  1332. continue;
  1333. }
  1334. /* discard notes from muted morons */
  1335. if (is_muted(&snac1, from))
  1336. continue;
  1337. /* discard hidden notes */
  1338. if (is_hidden(&snac1, id))
  1339. continue;
  1340. /* if it has a name and it's not a Page or a Video,
  1341. it's a poll vote, so discard it */
  1342. if (!xs_is_null(xs_dict_get(msg, "name")) && !xs_match(type, "Page|Video"))
  1343. continue;
  1344. /* convert the Note into a Mastodon status */
  1345. xs *st = mastoapi_status(&snac1, msg);
  1346. if (st != NULL)
  1347. out = xs_list_append(out, st);
  1348. }
  1349. *body = xs_json_dumps(out, 4);
  1350. *ctype = "application/json";
  1351. status = 200;
  1352. }
  1353. else
  1354. status = 421;
  1355. }
  1356. else
  1357. if (strcmp(cmd, "/v1/conversations") == 0) { /** **/
  1358. /* TBD */
  1359. *body = xs_dup("[]");
  1360. *ctype = "application/json";
  1361. status = 200;
  1362. }
  1363. else
  1364. if (strcmp(cmd, "/v1/notifications") == 0) { /** **/
  1365. if (logged_in) {
  1366. xs *l = notify_list(&snac1, 0, 64);
  1367. xs *out = xs_list_new();
  1368. xs_list *p = l;
  1369. xs_dict *v;
  1370. const xs_list *excl = xs_dict_get(args, "exclude_types[]");
  1371. while (xs_list_iter(&p, &v)) {
  1372. xs *noti = notify_get(&snac1, v);
  1373. if (noti == NULL)
  1374. continue;
  1375. const char *type = xs_dict_get(noti, "type");
  1376. const char *utype = xs_dict_get(noti, "utype");
  1377. const char *objid = xs_dict_get(noti, "objid");
  1378. xs *actor = NULL;
  1379. xs *entry = NULL;
  1380. if (!valid_status(actor_get(xs_dict_get(noti, "actor"), &actor)))
  1381. continue;
  1382. if (objid != NULL && !valid_status(object_get(objid, &entry)))
  1383. continue;
  1384. if (is_hidden(&snac1, objid))
  1385. continue;
  1386. /* convert the type */
  1387. if (strcmp(type, "Like") == 0)
  1388. type = "favourite";
  1389. else
  1390. if (strcmp(type, "Announce") == 0)
  1391. type = "reblog";
  1392. else
  1393. if (strcmp(type, "Follow") == 0)
  1394. type = "follow";
  1395. else
  1396. if (strcmp(type, "Create") == 0)
  1397. type = "mention";
  1398. else
  1399. if (strcmp(type, "Update") == 0 && strcmp(utype, "Question") == 0)
  1400. type = "poll";
  1401. else
  1402. continue;
  1403. /* excluded type? */
  1404. if (!xs_is_null(excl) && xs_list_in(excl, type) != -1)
  1405. continue;
  1406. xs *mn = xs_dict_new();
  1407. mn = xs_dict_append(mn, "type", type);
  1408. xs *id = xs_replace(xs_dict_get(noti, "id"), ".", "");
  1409. mn = xs_dict_append(mn, "id", id);
  1410. mn = xs_dict_append(mn, "created_at", xs_dict_get(noti, "date"));
  1411. xs *acct = mastoapi_account(actor);
  1412. mn = xs_dict_append(mn, "account", acct);
  1413. if (strcmp(type, "follow") != 0 && !xs_is_null(objid)) {
  1414. xs *st = mastoapi_status(&snac1, entry);
  1415. if (st)
  1416. mn = xs_dict_append(mn, "status", st);
  1417. }
  1418. out = xs_list_append(out, mn);
  1419. }
  1420. *body = xs_json_dumps(out, 4);
  1421. *ctype = "application/json";
  1422. status = 200;
  1423. }
  1424. else
  1425. status = 401;
  1426. }
  1427. else
  1428. if (strcmp(cmd, "/v1/filters") == 0) { /** **/
  1429. /* snac will never have filters */
  1430. *body = xs_dup("[]");
  1431. *ctype = "application/json";
  1432. status = 200;
  1433. }
  1434. else
  1435. if (strcmp(cmd, "/v2/filters") == 0) { /** **/
  1436. /* snac will never have filters
  1437. * but still, without a v2 endpoint a short delay is introduced
  1438. * in some apps */
  1439. *body = xs_dup("[]");
  1440. *ctype = "application/json";
  1441. status = 200;
  1442. }
  1443. else
  1444. if (strcmp(cmd, "/v1/favourites") == 0) { /** **/
  1445. /* snac will never support a list of favourites */
  1446. *body = xs_dup("[]");
  1447. *ctype = "application/json";
  1448. status = 200;
  1449. }
  1450. else
  1451. if (strcmp(cmd, "/v1/bookmarks") == 0) { /** **/
  1452. /* snac does not support bookmarks */
  1453. *body = xs_dup("[]");
  1454. *ctype = "application/json";
  1455. status = 200;
  1456. }
  1457. else
  1458. if (strcmp(cmd, "/v1/lists") == 0) { /** list of lists **/
  1459. if (logged_in) {
  1460. xs *lol = list_maint(&snac1, NULL, 0);
  1461. xs *l = xs_list_new();
  1462. int c = 0;
  1463. xs_list *li;
  1464. while (xs_list_next(lol, &li, &c)) {
  1465. xs *d = xs_dict_new();
  1466. d = xs_dict_append(d, "id", xs_list_get(li, 0));
  1467. d = xs_dict_append(d, "title", xs_list_get(li, 1));
  1468. d = xs_dict_append(d, "replies_policy", "list");
  1469. d = xs_dict_append(d, "exclusive", xs_stock(XSTYPE_FALSE));
  1470. l = xs_list_append(l, d);
  1471. }
  1472. *body = xs_json_dumps(l, 4);
  1473. *ctype = "application/json";
  1474. status = 200;
  1475. }
  1476. }
  1477. else
  1478. if (xs_startswith(cmd, "/v1/lists/")) { /** list information **/
  1479. if (logged_in) {
  1480. xs *l = xs_split(cmd, "/");
  1481. const char *p = xs_list_get(l, -1);
  1482. if (p) {
  1483. if (strcmp(p, "accounts") == 0) {
  1484. p = xs_list_get(l, -2);
  1485. if (p && xs_is_hex(p)) {
  1486. xs *actors = list_content(&snac1, p, NULL, 0);
  1487. xs *out = xs_list_new();
  1488. int c = 0;
  1489. char *v;
  1490. while (xs_list_next(actors, &v, &c)) {
  1491. xs *actor = NULL;
  1492. if (valid_status(object_get_by_md5(v, &actor))) {
  1493. xs *acct = mastoapi_account(actor);
  1494. out = xs_list_append(out, acct);
  1495. }
  1496. }
  1497. *body = xs_json_dumps(out, 4);
  1498. *ctype = "application/json";
  1499. status = 200;
  1500. }
  1501. }
  1502. else
  1503. if (xs_is_hex(p)) {
  1504. xs *out = xs_list_new();
  1505. xs *lol = list_maint(&snac1, NULL, 0);
  1506. int c = 0;
  1507. xs_list *v;
  1508. while (xs_list_next(lol, &v, &c)) {
  1509. const char *id = xs_list_get(v, 0);
  1510. if (id && strcmp(id, p) == 0) {
  1511. xs *d = xs_dict_new();
  1512. d = xs_dict_append(d, "id", p);
  1513. d = xs_dict_append(d, "title", xs_list_get(v, 1));
  1514. d = xs_dict_append(d, "replies_policy", "list");
  1515. d = xs_dict_append(d, "exclusive", xs_stock(XSTYPE_FALSE));
  1516. out = xs_list_append(out, d);
  1517. break;
  1518. }
  1519. }
  1520. *body = xs_json_dumps(out, 4);
  1521. *ctype = "application/json";
  1522. status = 200;
  1523. }
  1524. }
  1525. }
  1526. }
  1527. else
  1528. if (strcmp(cmd, "/v1/scheduled_statuses") == 0) { /** **/
  1529. /* snac does not schedule notes */
  1530. *body = xs_dup("[]");
  1531. *ctype = "application/json";
  1532. status = 200;
  1533. }
  1534. else
  1535. if (strcmp(cmd, "/v1/follow_requests") == 0) { /** **/
  1536. /* snac does not support optional follow confirmations */
  1537. *body = xs_dup("[]");
  1538. *ctype = "application/json";
  1539. status = 200;
  1540. }
  1541. else
  1542. if (strcmp(cmd, "/v1/announcements") == 0) { /** **/
  1543. /* snac has no announcements (yet?) */
  1544. *body = xs_dup("[]");
  1545. *ctype = "application/json";
  1546. status = 200;
  1547. }
  1548. else
  1549. if (strcmp(cmd, "/v1/custom_emojis") == 0) { /** **/
  1550. /* are you kidding me? */
  1551. *body = xs_dup("[]");
  1552. *ctype = "application/json";
  1553. status = 200;
  1554. }
  1555. else
  1556. if (strcmp(cmd, "/v1/instance") == 0) { /** **/
  1557. /* returns an instance object */
  1558. xs *ins = xs_dict_new();
  1559. const char *host = xs_dict_get(srv_config, "host");
  1560. const char *title = xs_dict_get(srv_config, "title");
  1561. const char *sdesc = xs_dict_get(srv_config, "short_description");
  1562. ins = xs_dict_append(ins, "uri", host);
  1563. ins = xs_dict_append(ins, "domain", host);
  1564. ins = xs_dict_append(ins, "title", title && *title ? title : host);
  1565. ins = xs_dict_append(ins, "version", "4.0.0 (not true; really " USER_AGENT ")");
  1566. ins = xs_dict_append(ins, "source_url", WHAT_IS_SNAC_URL);
  1567. ins = xs_dict_append(ins, "description", host);
  1568. ins = xs_dict_append(ins, "short_description", sdesc && *sdesc ? sdesc : host);
  1569. xs *susie = xs_fmt("%s/susie.png", srv_baseurl);
  1570. ins = xs_dict_append(ins, "thumbnail", susie);
  1571. const char *v = xs_dict_get(srv_config, "admin_email");
  1572. if (xs_is_null(v) || *v == '\0')
  1573. v = "admin@localhost";
  1574. ins = xs_dict_append(ins, "email", v);
  1575. ins = xs_dict_append(ins, "rules", xs_stock(XSTYPE_LIST));
  1576. xs *l1 = xs_list_append(xs_list_new(), "en");
  1577. ins = xs_dict_append(ins, "languages", l1);
  1578. xs *wss = xs_fmt("wss:/" "/%s", xs_dict_get(srv_config, "host"));
  1579. xs *urls = xs_dict_new();
  1580. urls = xs_dict_append(urls, "streaming_api", wss);
  1581. ins = xs_dict_append(ins, "urls", urls);
  1582. xs *d2 = xs_dict_append(xs_dict_new(), "user_count", xs_stock(0));
  1583. d2 = xs_dict_append(d2, "status_count", xs_stock(0));
  1584. d2 = xs_dict_append(d2, "domain_count", xs_stock(0));
  1585. ins = xs_dict_append(ins, "stats", d2);
  1586. ins = xs_dict_append(ins, "registrations", xs_stock(XSTYPE_FALSE));
  1587. ins = xs_dict_append(ins, "approval_required", xs_stock(XSTYPE_FALSE));
  1588. ins = xs_dict_append(ins, "invites_enabled", xs_stock(XSTYPE_FALSE));
  1589. xs *cfg = xs_dict_new();
  1590. {
  1591. xs *d11 = xs_json_loads("{\"characters_reserved_per_url\":32,"
  1592. "\"max_characters\":100000,\"max_media_attachments\":8}");
  1593. cfg = xs_dict_append(cfg, "statuses", d11);
  1594. xs *d12 = xs_json_loads("{\"max_featured_tags\":10}");
  1595. cfg = xs_dict_append(cfg, "accounts", d12);
  1596. xs *d13 = xs_json_loads("{\"image_matrix_limit\":33177600,"
  1597. "\"image_size_limit\":16777216,"
  1598. "\"video_frame_rate_limit\":120,"
  1599. "\"video_matrix_limit\":8294400,"
  1600. "\"video_size_limit\":103809024}"
  1601. );
  1602. {
  1603. /* get the supported mime types from the internal list */
  1604. const char **p = xs_mime_types;
  1605. xs_set mtypes;
  1606. xs_set_init(&mtypes);
  1607. while (*p) {
  1608. const char *type = p[1];
  1609. if (xs_startswith(type, "image/") ||
  1610. xs_startswith(type, "video/") ||
  1611. xs_startswith(type, "audio/"))
  1612. xs_set_add(&mtypes, type);
  1613. p += 2;
  1614. }
  1615. xs *l = xs_set_result(&mtypes);
  1616. d13 = xs_dict_append(d13, "supported_mime_types", l);
  1617. }
  1618. cfg = xs_dict_append(cfg, "media_attachments", d13);
  1619. xs *d14 = xs_json_loads("{\"max_characters_per_option\":50,"
  1620. "\"max_expiration\":2629746,"
  1621. "\"max_options\":8,\"min_expiration\":300}");
  1622. cfg = xs_dict_append(cfg, "polls", d14);
  1623. }
  1624. ins = xs_dict_append(ins, "configuration", cfg);
  1625. const char *admin_account = xs_dict_get(srv_config, "admin_account");
  1626. if (!xs_is_null(admin_account) && *admin_account) {
  1627. snac admin;
  1628. if (user_open(&admin, admin_account)) {
  1629. xs *actor = msg_actor(&admin);
  1630. xs *acct = mastoapi_account(actor);
  1631. ins = xs_dict_append(ins, "contact_account", acct);
  1632. user_free(&admin);
  1633. }
  1634. }
  1635. *body = xs_json_dumps(ins, 4);
  1636. *ctype = "application/json";
  1637. status = 200;
  1638. }
  1639. else
  1640. if (xs_startswith(cmd, "/v1/statuses/")) { /** **/
  1641. /* information about a status */
  1642. if (logged_in) {
  1643. xs *l = xs_split(cmd, "/");
  1644. const char *id = xs_list_get(l, 3);
  1645. const char *op = xs_list_get(l, 4);
  1646. if (!xs_is_null(id)) {
  1647. xs *msg = NULL;
  1648. xs *out = NULL;
  1649. /* skip the 'fake' part of the id */
  1650. id = MID_TO_MD5(id);
  1651. if (valid_status(object_get_by_md5(id, &msg))) {
  1652. if (op == NULL) {
  1653. if (!is_muted(&snac1, get_atto(msg))) {
  1654. /* return the status itself */
  1655. out = mastoapi_status(&snac1, msg);
  1656. }
  1657. }
  1658. else
  1659. if (strcmp(op, "context") == 0) { /** **/
  1660. /* return ancestors and children */
  1661. xs *anc = xs_list_new();
  1662. xs *des = xs_list_new();
  1663. xs_list *p;
  1664. xs_str *v;
  1665. char pid[64];
  1666. /* build the [grand]parent list, moving up */
  1667. strncpy(pid, id, sizeof(pid));
  1668. while (object_parent(pid, pid, sizeof(pid))) {
  1669. xs *m2 = NULL;
  1670. if (valid_status(timeline_get_by_md5(&snac1, pid, &m2))) {
  1671. xs *st = mastoapi_status(&snac1, m2);
  1672. if (st)
  1673. anc = xs_list_insert(anc, 0, st);
  1674. }
  1675. else
  1676. break;
  1677. }
  1678. /* build the children list */
  1679. xs *children = object_children(xs_dict_get(msg, "id"));
  1680. p = children;
  1681. while (xs_list_iter(&p, &v)) {
  1682. xs *m2 = NULL;
  1683. if (valid_status(timeline_get_by_md5(&snac1, v, &m2))) {
  1684. if (xs_is_null(xs_dict_get(m2, "name"))) {
  1685. xs *st = mastoapi_status(&snac1, m2);
  1686. if (st)
  1687. des = xs_list_append(des, st);
  1688. }
  1689. }
  1690. }
  1691. out = xs_dict_new();
  1692. out = xs_dict_append(out, "ancestors", anc);
  1693. out = xs_dict_append(out, "descendants", des);
  1694. }
  1695. else
  1696. if (strcmp(op, "reblogged_by") == 0 || /** **/
  1697. strcmp(op, "favourited_by") == 0) { /** **/
  1698. /* return the list of people who liked or boosted this */
  1699. out = xs_list_new();
  1700. xs *l = NULL;
  1701. if (op[0] == 'r')
  1702. l = object_announces(xs_dict_get(msg, "id"));
  1703. else
  1704. l = object_likes(xs_dict_get(msg, "id"));
  1705. xs_list *p = l;
  1706. xs_str *v;
  1707. while (xs_list_iter(&p, &v)) {
  1708. xs *actor2 = NULL;
  1709. if (valid_status(object_get_by_md5(v, &actor2))) {
  1710. xs *acct2 = mastoapi_account(actor2);
  1711. out = xs_list_append(out, acct2);
  1712. }
  1713. }
  1714. }
  1715. else
  1716. if (strcmp(op, "source") == 0) { /** **/
  1717. out = xs_dict_new();
  1718. /* get the mastoapi status id */
  1719. out = xs_dict_append(out, "id", xs_list_get(l, 3));
  1720. out = xs_dict_append(out, "text", xs_dict_get(msg, "sourceContent"));
  1721. out = xs_dict_append(out, "spoiler_text", xs_dict_get(msg, "summary"));
  1722. }
  1723. }
  1724. else
  1725. srv_debug(1, xs_fmt("mastoapi status: bad id %s", id));
  1726. if (out != NULL) {
  1727. *body = xs_json_dumps(out, 4);
  1728. *ctype = "application/json";
  1729. status = 200;
  1730. }
  1731. }
  1732. }
  1733. else
  1734. status = 401;
  1735. }
  1736. else
  1737. if (strcmp(cmd, "/v1/preferences") == 0) { /** **/
  1738. *body = xs_dup("{}");
  1739. *ctype = "application/json";
  1740. status = 200;
  1741. }
  1742. else
  1743. if (strcmp(cmd, "/v1/markers") == 0) { /** **/
  1744. *body = xs_dup("{}");
  1745. *ctype = "application/json";
  1746. status = 200;
  1747. }
  1748. else
  1749. if (strcmp(cmd, "/v1/followed_tags") == 0) { /** **/
  1750. *body = xs_dup("[]");
  1751. *ctype = "application/json";
  1752. status = 200;
  1753. }
  1754. else
  1755. if (strcmp(cmd, "/v2/search") == 0) { /** **/
  1756. if (logged_in) {
  1757. const char *q = xs_dict_get(args, "q");
  1758. const char *type = xs_dict_get(args, "type");
  1759. const char *offset = xs_dict_get(args, "offset");
  1760. xs *acl = xs_list_new();
  1761. xs *stl = xs_list_new();
  1762. xs *htl = xs_list_new();
  1763. xs *res = xs_dict_new();
  1764. if (xs_is_null(offset) || strcmp(offset, "0") == 0) {
  1765. /* reply something only for offset 0; otherwise,
  1766. apps like Tusky keep asking again and again */
  1767. if (!xs_is_null(q)) {
  1768. if (xs_is_null(type) || strcmp(type, "accounts") == 0) {
  1769. /* do a webfinger query */
  1770. char *actor = NULL;
  1771. char *user = NULL;
  1772. if (valid_status(webfinger_request(q, &actor, &user)) && actor) {
  1773. xs *actor_o = NULL;
  1774. if (valid_status(actor_request(&snac1, actor, &actor_o))) {
  1775. xs *acct = mastoapi_account(actor_o);
  1776. acl = xs_list_append(acl, acct);
  1777. }
  1778. }
  1779. }
  1780. if (xs_is_null(type) || strcmp(type, "hashtags") == 0) {
  1781. /* search this tag */
  1782. xs *tl = tag_search((char *)q, 0, 1);
  1783. if (xs_list_len(tl)) {
  1784. xs *d = xs_dict_new();
  1785. d = xs_dict_append(d, "name", q);
  1786. xs *url = xs_fmt("%s?t=%s", srv_baseurl, q);
  1787. d = xs_dict_append(d, "url", url);
  1788. d = xs_dict_append(d, "history", xs_stock(XSTYPE_LIST));
  1789. htl = xs_list_append(htl, d);
  1790. }
  1791. }
  1792. if (xs_is_null(type) || strcmp(type, "statuses") == 0) {
  1793. int to = 0;
  1794. int cnt = 40;
  1795. xs *tl = content_search(&snac1, q, 1, 0, cnt, 0, &to);
  1796. int c = 0;
  1797. char *v;
  1798. while (xs_list_next(tl, &v, &c) && --cnt) {
  1799. xs *post = NULL;
  1800. if (!valid_status(timeline_get_by_md5(&snac1, v, &post)))
  1801. continue;
  1802. xs *s = mastoapi_status(&snac1, post);
  1803. if (!xs_is_null(s))
  1804. stl = xs_list_append(stl, s);
  1805. }
  1806. }
  1807. }
  1808. }
  1809. res = xs_dict_append(res, "accounts", acl);
  1810. res = xs_dict_append(res, "statuses", stl);
  1811. res = xs_dict_append(res, "hashtags", htl);
  1812. *body = xs_json_dumps(res, 4);
  1813. *ctype = "application/json";
  1814. status = 200;
  1815. }
  1816. else
  1817. status = 401;
  1818. }
  1819. /* user cleanup */
  1820. if (logged_in)
  1821. user_free(&snac1);
  1822. srv_debug(1, xs_fmt("mastoapi_get_handler %s %d", q_path, status));
  1823. return status;
  1824. }
  1825. int mastoapi_post_handler(const xs_dict *req, const char *q_path,
  1826. const char *payload, int p_size,
  1827. char **body, int *b_size, char **ctype)
  1828. {
  1829. (void)p_size;
  1830. (void)b_size;
  1831. if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
  1832. return 0;
  1833. int status = 404;
  1834. xs *args = NULL;
  1835. const char *i_ctype = xs_dict_get(req, "content-type");
  1836. if (i_ctype && xs_startswith(i_ctype, "application/json")) {
  1837. if (!xs_is_null(payload))
  1838. args = xs_json_loads(payload);
  1839. }
  1840. else if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded"))
  1841. {
  1842. // Some apps send form data instead of json so we should cater for those
  1843. if (!xs_is_null(payload)) {
  1844. xs *upl = xs_url_dec(payload);
  1845. args = xs_url_vars(upl);
  1846. }
  1847. }
  1848. else
  1849. args = xs_dup(xs_dict_get(req, "p_vars"));
  1850. if (args == NULL)
  1851. return 400;
  1852. xs *cmd = xs_replace_n(q_path, "/api", "", 1);
  1853. snac snac = {0};
  1854. int logged_in = process_auth_token(&snac, req);
  1855. if (strcmp(cmd, "/v1/apps") == 0) { /** **/
  1856. const char *name = xs_dict_get(args, "client_name");
  1857. const char *ruri = xs_dict_get(args, "redirect_uris");
  1858. const char *scope = xs_dict_get(args, "scope");
  1859. if (xs_type(ruri) == XSTYPE_LIST)
  1860. ruri = xs_dict_get(ruri, 0);
  1861. if (name && ruri) {
  1862. xs *app = xs_dict_new();
  1863. xs *id = xs_replace_i(tid(0), ".", "");
  1864. xs *csec = random_str();
  1865. xs *vkey = random_str();
  1866. xs *cid = NULL;
  1867. /* pick a non-existent random cid */
  1868. for (;;) {
  1869. cid = random_str();
  1870. xs *p_app = app_get(cid);
  1871. if (p_app == NULL)
  1872. break;
  1873. xs_free(cid);
  1874. }
  1875. app = xs_dict_append(app, "name", name);
  1876. app = xs_dict_append(app, "redirect_uri", ruri);
  1877. app = xs_dict_append(app, "client_id", cid);
  1878. app = xs_dict_append(app, "client_secret", csec);
  1879. app = xs_dict_append(app, "vapid_key", vkey);
  1880. app = xs_dict_append(app, "id", id);
  1881. *body = xs_json_dumps(app, 4);
  1882. *ctype = "application/json";
  1883. status = 200;
  1884. app = xs_dict_append(app, "code", "");
  1885. if (scope)
  1886. app = xs_dict_append(app, "scope", scope);
  1887. app_add(cid, app);
  1888. srv_debug(1, xs_fmt("mastoapi apps: new app %s", cid));
  1889. }
  1890. }
  1891. else
  1892. if (strcmp(cmd, "/v1/statuses") == 0) { /** **/
  1893. if (logged_in) {
  1894. /* post a new Note */
  1895. const char *content = xs_dict_get(args, "status");
  1896. const char *mid = xs_dict_get(args, "in_reply_to_id");
  1897. const char *visibility = xs_dict_get(args, "visibility");
  1898. const char *summary = xs_dict_get(args, "spoiler_text");
  1899. const char *media_ids = xs_dict_get(args, "media_ids");
  1900. if (xs_is_null(media_ids))
  1901. media_ids = xs_dict_get(args, "media_ids[]");
  1902. if (xs_is_null(media_ids))
  1903. media_ids = xs_dict_get(args, "media_ids");
  1904. if (xs_is_null(visibility))
  1905. visibility = "public";
  1906. xs *attach_list = xs_list_new();
  1907. xs *irt = NULL;
  1908. /* is it a reply? */
  1909. if (mid != NULL) {
  1910. xs *r_msg = NULL;
  1911. const char *md5 = MID_TO_MD5(mid);
  1912. if (valid_status(object_get_by_md5(md5, &r_msg)))
  1913. irt = xs_dup(xs_dict_get(r_msg, "id"));
  1914. }
  1915. /* does it have attachments? */
  1916. if (!xs_is_null(media_ids)) {
  1917. xs *mi = NULL;
  1918. if (xs_type(media_ids) == XSTYPE_LIST)
  1919. mi = xs_dup(media_ids);
  1920. else {
  1921. mi = xs_list_new();
  1922. mi = xs_list_append(mi, media_ids);
  1923. }
  1924. xs_list *p = mi;
  1925. xs_str *v;
  1926. while (xs_list_iter(&p, &v)) {
  1927. xs *l = xs_list_new();
  1928. xs *url = xs_fmt("%s/s/%s", snac.actor, v);
  1929. xs *desc = static_get_meta(&snac, v);
  1930. l = xs_list_append(l, url);
  1931. l = xs_list_append(l, desc);
  1932. attach_list = xs_list_append(attach_list, l);
  1933. }
  1934. }
  1935. /* prepare the message */
  1936. xs *msg = msg_note(&snac, content, NULL, irt, attach_list,
  1937. strcmp(visibility, "public") == 0 ? 0 : 1);
  1938. if (!xs_is_null(summary) && *summary) {
  1939. msg = xs_dict_set(msg, "sensitive", xs_stock(XSTYPE_TRUE));
  1940. msg = xs_dict_set(msg, "summary", summary);
  1941. }
  1942. /* store */
  1943. timeline_add(&snac, xs_dict_get(msg, "id"), msg);
  1944. /* 'Create' message */
  1945. xs *c_msg = msg_create(&snac, msg);
  1946. enqueue_message(&snac, c_msg);
  1947. timeline_touch(&snac);
  1948. /* convert to a mastodon status as a response code */
  1949. xs *st = mastoapi_status(&snac, msg);
  1950. *body = xs_json_dumps(st, 4);
  1951. *ctype = "application/json";
  1952. status = 200;
  1953. }
  1954. else
  1955. status = 401;
  1956. }
  1957. else
  1958. if (xs_startswith(cmd, "/v1/statuses")) { /** **/
  1959. if (logged_in) {
  1960. /* operations on a status */
  1961. xs *l = xs_split(cmd, "/");
  1962. const char *mid = xs_list_get(l, 3);
  1963. const char *op = xs_list_get(l, 4);
  1964. if (!xs_is_null(mid)) {
  1965. xs *msg = NULL;
  1966. xs *out = NULL;
  1967. /* skip the 'fake' part of the id */
  1968. mid = MID_TO_MD5(mid);
  1969. if (valid_status(timeline_get_by_md5(&snac, mid, &msg))) {
  1970. const char *id = xs_dict_get(msg, "id");
  1971. if (op == NULL) {
  1972. /* no operation (?) */
  1973. }
  1974. else
  1975. if (strcmp(op, "favourite") == 0) { /** **/
  1976. xs *n_msg = msg_admiration(&snac, id, "Like");
  1977. if (n_msg != NULL) {
  1978. enqueue_message(&snac, n_msg);
  1979. timeline_admire(&snac, xs_dict_get(n_msg, "object"), snac.actor, 1);
  1980. out = mastoapi_status(&snac, msg);
  1981. }
  1982. }
  1983. else
  1984. if (strcmp(op, "unfavourite") == 0) { /** **/
  1985. xs *n_msg = msg_repulsion(&snac, id, "Like");
  1986. if (n_msg != NULL) {
  1987. enqueue_message(&snac, n_msg);
  1988. out = mastoapi_status(&snac, msg);
  1989. }
  1990. }
  1991. else
  1992. if (strcmp(op, "reblog") == 0) { /** **/
  1993. xs *n_msg = msg_admiration(&snac, id, "Announce");
  1994. if (n_msg != NULL) {
  1995. enqueue_message(&snac, n_msg);
  1996. timeline_admire(&snac, xs_dict_get(n_msg, "object"), snac.actor, 0);
  1997. out = mastoapi_status(&snac, msg);
  1998. }
  1999. }
  2000. else
  2001. if (strcmp(op, "unreblog") == 0) { /** **/
  2002. xs *n_msg = msg_repulsion(&snac, id, "Announce");
  2003. if (n_msg != NULL) {
  2004. enqueue_message(&snac, n_msg);
  2005. out = mastoapi_status(&snac, msg);
  2006. }
  2007. }
  2008. else
  2009. if (strcmp(op, "bookmark") == 0) { /** **/
  2010. /* snac does not support bookmarks */
  2011. }
  2012. else
  2013. if (strcmp(op, "unbookmark") == 0) { /** **/
  2014. /* snac does not support bookmarks */
  2015. }
  2016. else
  2017. if (strcmp(op, "pin") == 0) { /** **/
  2018. /* pin this message */
  2019. if (pin(&snac, id))
  2020. out = mastoapi_status(&snac, msg);
  2021. else
  2022. status = 422;
  2023. }
  2024. else
  2025. if (strcmp(op, "unpin") == 0) { /** **/
  2026. /* unpin this message */
  2027. unpin(&snac, id);
  2028. out = mastoapi_status(&snac, msg);
  2029. }
  2030. else
  2031. if (strcmp(op, "mute") == 0) { /** **/
  2032. /* Mastodon's mute is snac's hide */
  2033. }
  2034. else
  2035. if (strcmp(op, "unmute") == 0) { /** **/
  2036. /* Mastodon's unmute is snac's unhide */
  2037. }
  2038. }
  2039. if (out != NULL) {
  2040. *body = xs_json_dumps(out, 4);
  2041. *ctype = "application/json";
  2042. status = 200;
  2043. }
  2044. }
  2045. }
  2046. else
  2047. status = 401;
  2048. }
  2049. else
  2050. if (strcmp(cmd, "/v1/notifications/clear") == 0) { /** **/
  2051. if (logged_in) {
  2052. notify_clear(&snac);
  2053. timeline_touch(&snac);
  2054. *body = xs_dup("{}");
  2055. *ctype = "application/json";
  2056. status = 200;
  2057. }
  2058. else
  2059. status = 401;
  2060. }
  2061. else
  2062. if (strcmp(cmd, "/v1/push/subscription") == 0) { /** **/
  2063. /* I don't know what I'm doing */
  2064. if (logged_in) {
  2065. const char *v;
  2066. xs *wpush = xs_dict_new();
  2067. wpush = xs_dict_append(wpush, "id", "1");
  2068. v = xs_dict_get(args, "data");
  2069. v = xs_dict_get(v, "alerts");
  2070. wpush = xs_dict_append(wpush, "alerts", v);
  2071. v = xs_dict_get(args, "subscription");
  2072. v = xs_dict_get(v, "endpoint");
  2073. wpush = xs_dict_append(wpush, "endpoint", v);
  2074. xs *server_key = random_str();
  2075. wpush = xs_dict_append(wpush, "server_key", server_key);
  2076. *body = xs_json_dumps(wpush, 4);
  2077. *ctype = "application/json";
  2078. status = 200;
  2079. }
  2080. else
  2081. status = 401;
  2082. }
  2083. else
  2084. if (strcmp(cmd, "/v1/media") == 0 || strcmp(cmd, "/v2/media") == 0) { /** **/
  2085. if (logged_in) {
  2086. const xs_list *file = xs_dict_get(args, "file");
  2087. const char *desc = xs_dict_get(args, "description");
  2088. if (xs_is_null(desc))
  2089. desc = "";
  2090. status = 400;
  2091. if (xs_type(file) == XSTYPE_LIST) {
  2092. const char *fn = xs_list_get(file, 0);
  2093. if (*fn != '\0') {
  2094. char *ext = strrchr(fn, '.');
  2095. xs *hash = xs_md5_hex(fn, strlen(fn));
  2096. xs *id = xs_fmt("%s%s", hash, ext);
  2097. xs *url = xs_fmt("%s/s/%s", snac.actor, id);
  2098. int fo = xs_number_get(xs_list_get(file, 1));
  2099. int fs = xs_number_get(xs_list_get(file, 2));
  2100. /* store */
  2101. static_put(&snac, id, payload + fo, fs);
  2102. static_put_meta(&snac, id, desc);
  2103. /* prepare a response */
  2104. xs *rsp = xs_dict_new();
  2105. rsp = xs_dict_append(rsp, "id", id);
  2106. rsp = xs_dict_append(rsp, "type", "image");
  2107. rsp = xs_dict_append(rsp, "url", url);
  2108. rsp = xs_dict_append(rsp, "preview_url", url);
  2109. rsp = xs_dict_append(rsp, "remote_url", url);
  2110. rsp = xs_dict_append(rsp, "description", desc);
  2111. *body = xs_json_dumps(rsp, 4);
  2112. *ctype = "application/json";
  2113. status = 200;
  2114. }
  2115. }
  2116. }
  2117. else
  2118. status = 401;
  2119. }
  2120. else
  2121. if (xs_startswith(cmd, "/v1/accounts")) { /** **/
  2122. if (logged_in) {
  2123. /* account-related information */
  2124. xs *l = xs_split(cmd, "/");
  2125. const char *md5 = xs_list_get(l, 3);
  2126. const char *opt = xs_list_get(l, 4);
  2127. xs *rsp = NULL;
  2128. if (!xs_is_null(md5) && *md5) {
  2129. xs *actor_o = NULL;
  2130. if (xs_is_null(opt)) {
  2131. /* ? */
  2132. }
  2133. else
  2134. if (strcmp(opt, "follow") == 0) { /** **/
  2135. if (valid_status(object_get_by_md5(md5, &actor_o))) {
  2136. const char *actor = xs_dict_get(actor_o, "id");
  2137. xs *msg = msg_follow(&snac, actor);
  2138. if (msg != NULL) {
  2139. /* reload the actor from the message, in may be different */
  2140. actor = xs_dict_get(msg, "object");
  2141. following_add(&snac, actor, msg);
  2142. enqueue_output_by_actor(&snac, msg, actor, 0);
  2143. rsp = mastoapi_relationship(&snac, md5);
  2144. }
  2145. }
  2146. }
  2147. else
  2148. if (strcmp(opt, "unfollow") == 0) { /** **/
  2149. if (valid_status(object_get_by_md5(md5, &actor_o))) {
  2150. const char *actor = xs_dict_get(actor_o, "id");
  2151. /* get the following object */
  2152. xs *object = NULL;
  2153. if (valid_status(following_get(&snac, actor, &object))) {
  2154. xs *msg = msg_undo(&snac, xs_dict_get(object, "object"));
  2155. following_del(&snac, actor);
  2156. enqueue_output_by_actor(&snac, msg, actor, 0);
  2157. rsp = mastoapi_relationship(&snac, md5);
  2158. }
  2159. }
  2160. }
  2161. else
  2162. if (strcmp(opt, "block") == 0) { /** **/
  2163. if (valid_status(object_get_by_md5(md5, &actor_o))) {
  2164. const char *actor = xs_dict_get(actor_o, "id");
  2165. mute(&snac, actor);
  2166. rsp = mastoapi_relationship(&snac, md5);
  2167. }
  2168. }
  2169. else
  2170. if (strcmp(opt, "unblock") == 0) { /** **/
  2171. if (valid_status(object_get_by_md5(md5, &actor_o))) {
  2172. const char *actor = xs_dict_get(actor_o, "id");
  2173. unmute(&snac, actor);
  2174. rsp = mastoapi_relationship(&snac, md5);
  2175. }
  2176. }
  2177. }
  2178. if (rsp != NULL) {
  2179. *body = xs_json_dumps(rsp, 4);
  2180. *ctype = "application/json";
  2181. status = 200;
  2182. }
  2183. }
  2184. else
  2185. status = 401;
  2186. }
  2187. else
  2188. if (xs_startswith(cmd, "/v1/polls")) { /** **/
  2189. if (logged_in) {
  2190. /* operations on a status */
  2191. xs *l = xs_split(cmd, "/");
  2192. const char *mid = xs_list_get(l, 3);
  2193. const char *op = xs_list_get(l, 4);
  2194. if (!xs_is_null(mid)) {
  2195. xs *msg = NULL;
  2196. xs *out = NULL;
  2197. /* skip the 'fake' part of the id */
  2198. mid = MID_TO_MD5(mid);
  2199. if (valid_status(timeline_get_by_md5(&snac, mid, &msg))) {
  2200. const char *id = xs_dict_get(msg, "id");
  2201. const char *atto = get_atto(msg);
  2202. const xs_list *opts = xs_dict_get(msg, "oneOf");
  2203. if (opts == NULL)
  2204. opts = xs_dict_get(msg, "anyOf");
  2205. if (op == NULL) {
  2206. }
  2207. else
  2208. if (strcmp(op, "votes") == 0) {
  2209. const xs_list *choices = xs_dict_get(args, "choices[]");
  2210. if (xs_is_null(choices))
  2211. choices = xs_dict_get(args, "choices");
  2212. if (xs_type(choices) == XSTYPE_LIST) {
  2213. xs_str *v;
  2214. int c = 0;
  2215. while (xs_list_next(choices, &v, &c)) {
  2216. int io = atoi(v);
  2217. const xs_dict *o = xs_list_get(opts, io);
  2218. if (o) {
  2219. const char *name = xs_dict_get(o, "name");
  2220. xs *msg = msg_note(&snac, "", atto, (char *)id, NULL, 1);
  2221. msg = xs_dict_append(msg, "name", name);
  2222. xs *c_msg = msg_create(&snac, msg);
  2223. enqueue_message(&snac, c_msg);
  2224. timeline_add(&snac, xs_dict_get(msg, "id"), msg);
  2225. }
  2226. }
  2227. out = mastoapi_poll(&snac, msg);
  2228. }
  2229. }
  2230. }
  2231. if (out != NULL) {
  2232. *body = xs_json_dumps(out, 4);
  2233. *ctype = "application/json";
  2234. status = 200;
  2235. }
  2236. }
  2237. }
  2238. else
  2239. status = 401;
  2240. }
  2241. else
  2242. if (strcmp(cmd, "/v1/lists") == 0) {
  2243. if (logged_in) {
  2244. const char *title = xs_dict_get(args, "title");
  2245. if (xs_type(title) == XSTYPE_STRING) {
  2246. /* add the list */
  2247. xs *out = xs_dict_new();
  2248. if (xs_type(list_maint(&snac, title, 1)) == XSTYPE_TRUE) {
  2249. out = xs_dict_append(out, "title", title);
  2250. out = xs_dict_append(out, "replies_policy", xs_dict_get_def(args, "replies_policy", "list"));
  2251. out = xs_dict_append(out, "exclusive", xs_stock(XSTYPE_FALSE));
  2252. status = 200;
  2253. }
  2254. else {
  2255. out = xs_dict_append(out, "error", "cannot create list");
  2256. status = 422;
  2257. }
  2258. *body = xs_json_dumps(out, 4);
  2259. *ctype = "application/json";
  2260. }
  2261. else
  2262. status = 422;
  2263. }
  2264. }
  2265. if (xs_startswith(cmd, "/v1/lists/")) { /** list maintenance **/
  2266. if (logged_in) {
  2267. xs *l = xs_split(cmd, "/");
  2268. const char *op = xs_list_get(l, -1);
  2269. const char *id = xs_list_get(l, -2);
  2270. if (op && id && xs_is_hex(id)) {
  2271. if (strcmp(op, "accounts") == 0) {
  2272. const xs_list *accts = xs_dict_get(args, "account_ids[]");
  2273. int c = 0;
  2274. char *v;
  2275. while (xs_list_next(accts, &v, &c)) {
  2276. list_content(&snac, id, v, 1);
  2277. }
  2278. status = 200;
  2279. }
  2280. }
  2281. }
  2282. else
  2283. status = 422;
  2284. }
  2285. /* user cleanup */
  2286. if (logged_in)
  2287. user_free(&snac);
  2288. srv_debug(1, xs_fmt("mastoapi_post_handler %s %d", q_path, status));
  2289. return status;
  2290. }
  2291. int mastoapi_delete_handler(const xs_dict *req, const char *q_path,
  2292. const char *payload, int p_size,
  2293. char **body, int *b_size, char **ctype)
  2294. {
  2295. (void)p_size;
  2296. (void)body;
  2297. (void)b_size;
  2298. (void)ctype;
  2299. if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
  2300. return 0;
  2301. int status = 404;
  2302. xs *args = NULL;
  2303. const char *i_ctype = xs_dict_get(req, "content-type");
  2304. if (i_ctype && xs_startswith(i_ctype, "application/json")) {
  2305. if (!xs_is_null(payload))
  2306. args = xs_json_loads(payload);
  2307. }
  2308. else if (i_ctype && xs_startswith(i_ctype, "application/x-www-form-urlencoded"))
  2309. {
  2310. // Some apps send form data instead of json so we should cater for those
  2311. if (!xs_is_null(payload)) {
  2312. xs *upl = xs_url_dec(payload);
  2313. args = xs_url_vars(upl);
  2314. }
  2315. }
  2316. else
  2317. args = xs_dup(xs_dict_get(req, "p_vars"));
  2318. if (args == NULL)
  2319. return 400;
  2320. snac snac = {0};
  2321. int logged_in = process_auth_token(&snac, req);
  2322. xs *cmd = xs_replace_n(q_path, "/api", "", 1);
  2323. if (xs_startswith(cmd, "/v1/push/subscription") || xs_startswith(cmd, "/v2/push/subscription")) { /** **/
  2324. // pretend we deleted it, since it doesn't exist anyway
  2325. status = 200;
  2326. }
  2327. else
  2328. if (xs_startswith(cmd, "/v1/lists/")) {
  2329. if (logged_in) {
  2330. xs *l = xs_split(cmd, "/");
  2331. const char *p = xs_list_get(l, -1);
  2332. if (p) {
  2333. if (strcmp(p, "accounts") == 0) {
  2334. /* delete account from list */
  2335. p = xs_list_get(l, -2);
  2336. const xs_list *accts = xs_dict_get(args, "account_ids[]");
  2337. int c = 0;
  2338. char *v;
  2339. while (xs_list_next(accts, &v, &c)) {
  2340. list_content(&snac, p, v, 2);
  2341. }
  2342. }
  2343. else {
  2344. /* delete list */
  2345. if (xs_is_hex(p)) {
  2346. list_maint(&snac, p, 2);
  2347. }
  2348. }
  2349. }
  2350. status = 200;
  2351. }
  2352. else
  2353. status = 401;
  2354. }
  2355. /* user cleanup */
  2356. if (logged_in)
  2357. user_free(&snac);
  2358. srv_debug(1, xs_fmt("mastoapi_delete_handler %s %d", q_path, status));
  2359. return status;
  2360. }
  2361. int mastoapi_put_handler(const xs_dict *req, const char *q_path,
  2362. const char *payload, int p_size,
  2363. char **body, int *b_size, char **ctype)
  2364. {
  2365. (void)p_size;
  2366. (void)b_size;
  2367. if (!xs_startswith(q_path, "/api/v1/") && !xs_startswith(q_path, "/api/v2/"))
  2368. return 0;
  2369. int status = 404;
  2370. xs *args = NULL;
  2371. const char *i_ctype = xs_dict_get(req, "content-type");
  2372. if (i_ctype && xs_startswith(i_ctype, "application/json")) {
  2373. if (!xs_is_null(payload))
  2374. args = xs_json_loads(payload);
  2375. }
  2376. else
  2377. args = xs_dup(xs_dict_get(req, "p_vars"));
  2378. if (args == NULL)
  2379. return 400;
  2380. xs *cmd = xs_replace_n(q_path, "/api", "", 1);
  2381. snac snac = {0};
  2382. int logged_in = process_auth_token(&snac, req);
  2383. if (xs_startswith(cmd, "/v1/media") || xs_startswith(cmd, "/v2/media")) { /** **/
  2384. if (logged_in) {
  2385. xs *l = xs_split(cmd, "/");
  2386. const char *stid = xs_list_get(l, 3);
  2387. if (!xs_is_null(stid)) {
  2388. const char *desc = xs_dict_get(args, "description");
  2389. /* set the image metadata */
  2390. static_put_meta(&snac, stid, desc);
  2391. /* prepare a response */
  2392. xs *rsp = xs_dict_new();
  2393. xs *url = xs_fmt("%s/s/%s", snac.actor, stid);
  2394. rsp = xs_dict_append(rsp, "id", stid);
  2395. rsp = xs_dict_append(rsp, "type", "image");
  2396. rsp = xs_dict_append(rsp, "url", url);
  2397. rsp = xs_dict_append(rsp, "preview_url", url);
  2398. rsp = xs_dict_append(rsp, "remote_url", url);
  2399. rsp = xs_dict_append(rsp, "description", desc);
  2400. *body = xs_json_dumps(rsp, 4);
  2401. *ctype = "application/json";
  2402. status = 200;
  2403. }
  2404. }
  2405. else
  2406. status = 401;
  2407. }
  2408. else
  2409. if (xs_startswith(cmd, "/v1/statuses")) {
  2410. if (logged_in) {
  2411. xs *l = xs_split(cmd, "/");
  2412. const char *mid = xs_list_get(l, 3);
  2413. if (!xs_is_null(mid)) {
  2414. const char *md5 = MID_TO_MD5(mid);
  2415. xs *rsp = NULL;
  2416. xs *msg = NULL;
  2417. if (valid_status(timeline_get_by_md5(&snac, md5, &msg))) {
  2418. const char *content = xs_dict_get(args, "status");
  2419. xs *atls = xs_list_new();
  2420. xs *f_content = not_really_markdown(content, &atls, NULL);
  2421. /* replace fields with new content */
  2422. msg = xs_dict_set(msg, "sourceContent", content);
  2423. msg = xs_dict_set(msg, "content", f_content);
  2424. xs *updated = xs_str_utctime(0, ISO_DATE_SPEC);
  2425. msg = xs_dict_set(msg, "updated", updated);
  2426. /* overwrite object, not updating the indexes */
  2427. object_add_ow(xs_dict_get(msg, "id"), msg);
  2428. /* update message */
  2429. xs *c_msg = msg_update(&snac, msg);
  2430. enqueue_message(&snac, c_msg);
  2431. rsp = mastoapi_status(&snac, msg);
  2432. }
  2433. if (rsp != NULL) {
  2434. *body = xs_json_dumps(rsp, 4);
  2435. *ctype = "application/json";
  2436. status = 200;
  2437. }
  2438. }
  2439. }
  2440. else
  2441. status = 401;
  2442. }
  2443. /* user cleanup */
  2444. if (logged_in)
  2445. user_free(&snac);
  2446. srv_debug(1, xs_fmt("mastoapi_put_handler %s %d", q_path, status));
  2447. return status;
  2448. }
  2449. void mastoapi_purge(void)
  2450. {
  2451. xs *spec = xs_fmt("%s/app/" "*.json", srv_basedir);
  2452. xs *files = xs_glob(spec, 1, 0);
  2453. xs_list *p = files;
  2454. xs_str *v;
  2455. time_t mt = time(NULL) - 3600;
  2456. while (xs_list_iter(&p, &v)) {
  2457. xs *cid = xs_replace(v, ".json", "");
  2458. xs *fn = _app_fn(cid);
  2459. if (mtime(fn) < mt) {
  2460. /* get the app */
  2461. xs *app = app_get(cid);
  2462. if (app) {
  2463. /* old apps with no uid are incomplete cruft */
  2464. const char *uid = xs_dict_get(app, "uid");
  2465. if (xs_is_null(uid) || *uid == '\0') {
  2466. unlink(fn);
  2467. srv_debug(2, xs_fmt("purged %s", fn));
  2468. }
  2469. }
  2470. }
  2471. }
  2472. }
  2473. #endif /* #ifndef NO_MASTODON_API */