Merge branch 'master' into glitch-soc/merge-upstream

Conflicts: - app/controllers/directories_controller.rb - package.json - yarn.lock
2019-07-30 12:22:33 +02:00
parent f48c7689d2 b31b232edf
commit 24968d20a0
59 changed files with 779 additions and 221 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -9,6 +9,7 @@ class Api::BaseController < ApplicationController
  skip_before_action :store_current_location
  skip_before_action :require_functional!

+  before_action :require_authenticated_user!, if: :disallow_unauthenticated_api_access?
  before_action :set_cache_headers

  protect_from_forgery with: :null_session
@@ -69,6 +70,10 @@ class Api::BaseController < ApplicationController
    nil
  end

+  def require_authenticated_user!
+    render json: { error: 'This API requires an authenticated user' }, status: 401 unless current_user
+  end
+
  def require_user!
    if !current_user
      render json: { error: 'This method requires an authenticated user' }, status: 422
@@ -94,4 +99,8 @@ class Api::BaseController < ApplicationController
  def set_cache_headers
    response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
  end
+
+  def disallow_unauthenticated_api_access?
+    authorized_fetch_mode?
+  end
 end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@@ -12,6 +12,8 @@ class Api::V1::AccountsController < Api::BaseController
  before_action :check_account_suspension, only: [:show]
  before_action :check_enabled_registrations, only: [:create]

+  skip_before_action :require_authenticated_user!, only: :create
+
  respond_to :json

  def show
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true

 class Api::V1::AppsController < Api::BaseController
+  skip_before_action :require_authenticated_user!
+
  def create
    @app = Doorkeeper::Application.create!(application_options)
    render json: @app, serializer: REST::ApplicationSerializer
--- a/app/controllers/api/v1/instances/activity_controller.rb
+++ b/app/controllers/api/v1/instances/activity_controller.rb
@@ -2,6 +2,7 @@

 class Api::V1::Instances::ActivityController < Api::BaseController
  before_action :require_enabled_api!
+
  skip_before_action :set_cache_headers

  respond_to :json
@@ -33,6 +34,6 @@ class Api::V1::Instances::ActivityController < Api::BaseController
  end

  def require_enabled_api!
-    head 404 unless Setting.activity_api_enabled
+    head 404 unless Setting.activity_api_enabled && !whitelist_mode?
  end
 end
--- a/app/controllers/api/v1/instances/peers_controller.rb
+++ b/app/controllers/api/v1/instances/peers_controller.rb
@@ -2,6 +2,7 @@

 class Api::V1::Instances::PeersController < Api::BaseController
  before_action :require_enabled_api!
+
  skip_before_action :set_cache_headers

  respond_to :json
@@ -14,6 +15,6 @@ class Api::V1::Instances::PeersController < Api::BaseController
  private

  def require_enabled_api!
-    head 404 unless Setting.peers_api_enabled
+    head 404 unless Setting.peers_api_enabled && !whitelist_mode?
  end
 end
--- a/app/controllers/api/v1/instances_controller.rb
+++ b/app/controllers/api/v1/instances_controller.rb
@@ -2,6 +2,7 @@

 class Api::V1::InstancesController < Api::BaseController
  respond_to :json
+
  skip_before_action :set_cache_headers

  def show