Add /api/v1/accounts/update_credentials endpoint

app/Http/Controllers/Api/ApiV1Controller.php

@@ -78,6 +78,56 @@ class ApiV1Controller extends Controller
 		return response()->json($res);
 	}
 
+    public function accountUpdateCredentials(Request, $request)
+    {
+        abort_if(!$request->user(), 403);
+
+        $this->validate($request, [
+            'display_name'      => 'nullable|string',
+            'note'              => 'nullable|string',
+            'locked'            => 'nullable|boolean',
+            // 'source.privacy'    => 'nullable|in:unlisted,public,private',
+            // 'source.sensitive'  => 'nullable|boolean'
+        ]);
+
+        $user = $request->user();
+        $profile = $user->profile;
+
+        $displayName = $request->input('display_name');
+        $note = $request->input('note');
+        $locked = $request->input('locked');
+        // $privacy = $request->input('source.privacy');
+        // $sensitive = $request->input('source.sensitive');
+
+        $changes = false;
+
+        if($displayName !== $user->name) {
+            $user->name = $displayName;
+            $profile->name = $displayName;
+            $changes = true;
+        }
+
+        if($note !== $profile->bio) {
+            $profile->bio = e($note);
+            $changes = true;
+        }
+
+        if(!is_null($locked)) {
+            $profile->is_private = $locked;
+            $changes = true;
+        }
+
+        if($changes) {
+            $user->save();
+            $profile->save()
+        }
+
+        $resource = new Fractal\Resource\Item($profile, new AccountTransformer());
+        $res = $this->fractal->createData($resource)->toArray();
+
+        return response()->json($res);
+    }
+
     public function statusById(Request $request, $id)
     {
         $status = Status::whereVisibility('public')->findOrFail($id);
@@ -125,4 +175,22 @@ class ApiV1Controller extends Controller
 
         return response()->json($res);
     }
+
+    public function createStatus(Request $request)
+    {
+        abort_if(!$request->user(), 403);
+        
+        $this->validate($request, [
+            'status' => 'string',
+            'media_ids' => 'array',
+            'media_ids.*' => 'integer|min:1',
+            'sensitive' => 'nullable|boolean',
+            'visibility' => 'string|in:private,unlisted,public',
+            'in_reply_to_id' => 'integer'
+        ]);
+
+        if(!$request->filled('media_ids') && !$request->filled('in_reply_to_id')) {
+            abort(403, 'Empty statuses are not allowed');
+        }
+    }
 }

routes/web.php

@@ -78,6 +78,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 
         Route::group(['prefix' => 'v1'], function () {
             Route::get('accounts/verify_credentials', 'ApiController@verifyCredentials')->middleware('auth:api');
+            Route::patch('accounts/update_credentials', 'Api\ApiV1Controller@accountUpdateCredentials')->middleware('auth:api');
             Route::get('accounts/relationships', 'PublicApiController@relationships')->middleware('auth:api');
             Route::get('accounts/{id}/statuses', 'PublicApiController@accountStatuses')->middleware('auth:api');
             Route::get('accounts/{id}/following', 'PublicApiController@accountFollowing')->middleware('auth:api');
@@ -91,6 +92,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
             Route::get('notifications', 'ApiController@notifications')->middleware('auth:api');
             Route::get('timelines/public', 'PublicApiController@publicTimelineApi');
             Route::get('timelines/home', 'PublicApiController@homeTimelineApi')->middleware('auth:api');
+            Route::post('status', 'Api\ApiV1Controller@createStatus')->middleware('auth:api');
         });
         Route::group(['prefix' => 'v2'], function() {
             Route::get('config', 'ApiController@siteConfiguration');