commit
d9adda1a99
27 changed files with 280 additions and 130 deletions
@ -1,25 +1,36 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
class Api::Web::EmbedsController < Api::Web::BaseController |
||||
before_action :require_user! |
||||
include Authorization |
||||
|
||||
def create |
||||
status = StatusFinder.new(params[:url]).status |
||||
before_action :set_status |
||||
|
||||
return not_found if status.hidden? |
||||
def show |
||||
return not_found if @status.hidden? |
||||
|
||||
render json: status, serializer: OEmbedSerializer, width: 400 |
||||
rescue ActiveRecord::RecordNotFound |
||||
oembed = FetchOEmbedService.new.call(params[:url]) |
||||
if @status.local? |
||||
render json: @status, serializer: OEmbedSerializer, width: 400 |
||||
else |
||||
return not_found unless user_signed_in? |
||||
|
||||
return not_found if oembed.nil? |
||||
url = ActivityPub::TagManager.instance.url_for(@status) |
||||
oembed = FetchOEmbedService.new.call(url) |
||||
return not_found if oembed.nil? |
||||
|
||||
begin |
||||
oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED) |
||||
rescue ArgumentError |
||||
return not_found |
||||
begin |
||||
oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED) |
||||
rescue ArgumentError |
||||
return not_found |
||||
end |
||||
|
||||
render json: oembed |
||||
end |
||||
end |
||||
|
||||
render json: oembed |
||||
def set_status |
||||
@status = Status.find(params[:id]) |
||||
authorize @status, :show? |
||||
rescue Mastodon::NotPermittedError |
||||
not_found |
||||
end |
||||
end |
||||
|
@ -0,0 +1,23 @@ |
||||
import type { PropsWithChildren } from 'react'; |
||||
import React from 'react'; |
||||
|
||||
import type { History } from 'history'; |
||||
import { createBrowserHistory } from 'history'; |
||||
import { Router as OriginalRouter } from 'react-router'; |
||||
|
||||
import { layoutFromWindow } from 'mastodon/is_mobile'; |
||||
|
||||
const browserHistory = createBrowserHistory(); |
||||
const originalPush = browserHistory.push.bind(browserHistory); |
||||
|
||||
browserHistory.push = (path: string, state: History.LocationState) => { |
||||
if (layoutFromWindow() === 'multi-column' && !path.startsWith('/deck')) { |
||||
originalPush(`/deck${path}`, state); |
||||
} else { |
||||
originalPush(path, state); |
||||
} |
||||
}; |
||||
|
||||
export const Router: React.FC<PropsWithChildren> = ({ children }) => { |
||||
return <OriginalRouter history={browserHistory}>{children}</OriginalRouter>; |
||||
}; |
@ -1,54 +0,0 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'rails_helper' |
||||
|
||||
describe Api::Web::EmbedsController do |
||||
render_views |
||||
|
||||
let(:user) { Fabricate(:user) } |
||||
|
||||
before { sign_in user } |
||||
|
||||
describe 'POST #create' do |
||||
subject(:body) { JSON.parse(response.body, symbolize_names: true) } |
||||
|
||||
let(:response) { post :create, params: { url: url } } |
||||
|
||||
context 'when successfully finds status' do |
||||
let(:status) { Fabricate(:status) } |
||||
let(:url) { "http://#{Rails.configuration.x.web_domain}/@#{status.account.username}/#{status.id}" } |
||||
|
||||
it 'returns a right response' do |
||||
expect(response).to have_http_status 200 |
||||
expect(body[:author_name]).to eq status.account.username |
||||
end |
||||
end |
||||
|
||||
context 'when fails to find status' do |
||||
let(:url) { 'https://host.test/oembed.html' } |
||||
let(:service_instance) { instance_double(FetchOEmbedService) } |
||||
|
||||
before do |
||||
allow(FetchOEmbedService).to receive(:new) { service_instance } |
||||
allow(service_instance).to receive(:call) { call_result } |
||||
end |
||||
|
||||
context 'when successfully fetching oembed' do |
||||
let(:call_result) { { result: :ok } } |
||||
|
||||
it 'returns a right response' do |
||||
expect(response).to have_http_status 200 |
||||
expect(body[:result]).to eq 'ok' |
||||
end |
||||
end |
||||
|
||||
context 'when fails to fetch oembed' do |
||||
let(:call_result) { nil } |
||||
|
||||
it 'returns a right response' do |
||||
expect(response).to have_http_status 404 |
||||
end |
||||
end |
||||
end |
||||
end |
||||
end |
@ -0,0 +1,161 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'rails_helper' |
||||
|
||||
RSpec.describe '/api/web/embed' do |
||||
subject { get "/api/web/embeds/#{id}", headers: headers } |
||||
|
||||
context 'when accessed anonymously' do |
||||
let(:headers) { {} } |
||||
|
||||
context 'when the requested status is local' do |
||||
let(:id) { status.id } |
||||
|
||||
context 'when the requested status is public' do |
||||
let(:status) { Fabricate(:status, visibility: :public) } |
||||
|
||||
it 'returns JSON with an html attribute' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(200) |
||||
expect(body_as_json[:html]).to be_present |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status is private' do |
||||
let(:status) { Fabricate(:status, visibility: :private) } |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status is remote' do |
||||
let(:remote_account) { Fabricate(:account, domain: 'example.com') } |
||||
let(:status) { Fabricate(:status, visibility: :public, account: remote_account, url: 'https://example.com/statuses/1') } |
||||
let(:id) { status.id } |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status does not exist' do |
||||
let(:id) { -1 } |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'with an API token' do |
||||
let(:user) { Fabricate(:user) } |
||||
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'read') } |
||||
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } |
||||
|
||||
context 'when the requested status is local' do |
||||
let(:id) { status.id } |
||||
|
||||
context 'when the requested status is public' do |
||||
let(:status) { Fabricate(:status, visibility: :public) } |
||||
|
||||
it 'returns JSON with an html attribute' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(200) |
||||
expect(body_as_json[:html]).to be_present |
||||
end |
||||
|
||||
context 'when the requesting user is blocked' do |
||||
before do |
||||
status.account.block!(user.account) |
||||
end |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status is private' do |
||||
let(:status) { Fabricate(:status, visibility: :private) } |
||||
|
||||
before do |
||||
user.account.follow!(status.account) |
||||
end |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status is remote' do |
||||
let(:remote_account) { Fabricate(:account, domain: 'example.com') } |
||||
let(:status) { Fabricate(:status, visibility: :public, account: remote_account, url: 'https://example.com/statuses/1') } |
||||
let(:id) { status.id } |
||||
|
||||
let(:service_instance) { instance_double(FetchOEmbedService) } |
||||
|
||||
before do |
||||
allow(FetchOEmbedService).to receive(:new) { service_instance } |
||||
allow(service_instance).to receive(:call) { call_result } |
||||
end |
||||
|
||||
context 'when the requesting user is blocked' do |
||||
before do |
||||
status.account.block!(user.account) |
||||
end |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
|
||||
context 'when successfully fetching OEmbed' do |
||||
let(:call_result) { { html: 'ok' } } |
||||
|
||||
it 'returns JSON with an html attribute' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(200) |
||||
expect(body_as_json[:html]).to be_present |
||||
end |
||||
end |
||||
|
||||
context 'when failing to fetch OEmbed' do |
||||
let(:call_result) { nil } |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
|
||||
context 'when the requested status does not exist' do |
||||
let(:id) { -1 } |
||||
|
||||
it 'returns http not found' do |
||||
subject |
||||
|
||||
expect(response).to have_http_status(404) |
||||
end |
||||
end |
||||
end |
||||
end |
Loading…
Reference in new issue