Home Verkennen Help
Registreren Inloggen
oleg
/
pixelfed
spiegel van https://github.com/pixelfed/pixelfed.git
1
0
Vork 0
Bestanden Issues 0 Wiki
Boom: 12f9539054
Aftakkingen Labels
pixelfed
/
app
/
Http
/
Controllers
/
Api
/
ApiV1Dot1Controller.php

ApiV1Dot1Controller.php 12 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers\Api;
    4. 

  4. 

  5. use Cache;
    6. 

  6. use DB;
    7. 

  7. use App\Http\Controllers\Controller;
    8. 

  8. use Illuminate\Http\Request;
    9. 

  9. use League\Fractal;
    10. 

  10. use League\Fractal\Serializer\ArraySerializer;
    11. 

  11. use League\Fractal\Pagination\IlluminatePaginatorAdapter;
    12. 

  12. use App\AccountLog;
    13. 

  13. use App\EmailVerification;
    14. 

  14. use App\Status;
    15. 

  15. use App\Report;
    16. 

  16. use App\Profile;
    17. 

  17. use App\Services\AccountService;
    18. 

  18. use App\Services\StatusService;
    19. 

  19. use App\Services\ProfileStatusService;
    20. 

  20. use Jenssegers\Agent\Agent;
    21. 

  21. use Mail;
    22. 

  22. use App\Mail\PasswordChange;
    23. 

  23. 

  24. class ApiV1Dot1Controller extends Controller
    25. 

  25. {
    26. 

  26.     protected $fractal;
    27. 

  27. 

  28.     public function __construct()
    29. 

  29.     {
    30. 

  30.         $this->fractal = new Fractal\Manager();
    31. 

  31.         $this->fractal->setSerializer(new ArraySerializer());
    32. 

  32.     }
    33. 

  33. 

  34.     public function json($res, $code = 200, $headers = [])
    35. 

  35.     {
    36. 

  36.         return response()->json($res, $code, $headers, JSON_UNESCAPED_SLASHES);
    37. 

  37.     }
    38. 

  38. 

  39.     public function error($msg, $code = 400, $extra = [], $headers = [])
    40. 

  40.     {
    41. 

  41.         $res = [
    42. 

  42.             "msg" => $msg,
    43. 

  43.             "code" => $code
    44. 

  44.         ];
    45. 

  45.         return response()->json(array_merge($res, $extra), $code, $headers, JSON_UNESCAPED_SLASHES);
    46. 

  46.     }
    47. 

  47. 

  48.     public function report(Request $request)
    49. 

  49.     {
    50. 

  50.         $user = $request->user();
    51. 

  51. 

  52.         abort_if(!$user, 403);
    53. 

  53.         abort_if($user->status != null, 403);
    54. 

  54. 

  55.         $report_type = $request->input('report_type');
    56. 

  56.         $object_id = $request->input('object_id');
    57. 

  57.         $object_type = $request->input('object_type');
    58. 

  58. 

  59.         $types = [
    60. 

  60.             'spam',
    61. 

  61.             'sensitive',
    62. 

  62.             'abusive',
    63. 

  63.             'underage',
    64. 

  64.             'violence',
    65. 

  65.             'copyright',
    66. 

  66.             'impersonation',
    67. 

  67.             'scam',
    68. 

  68.             'terrorism'
    69. 

  69.         ];
    70. 

  70. 

  71.         if (!$report_type || !$object_id || !$object_type) {
    72. 

  72.             return $this->error("Invalid or missing parameters", 400, ["error_code" => "ERROR_INVALID_PARAMS"]);
    73. 

  73.         }
    74. 

  74. 

  75.         if (!in_array($report_type, $types)) {
    76. 

  76.             return $this->error("Invalid report type", 400, ["error_code" => "ERROR_TYPE_INVALID"]);
    77. 

  77.         }
    78. 

  78. 

  79.         if ($object_type === "user" && $object_id == $user->profile_id) {
    80. 

  80.             return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
    81. 

  81.         }
    82. 

  82. 

  83.         $rpid = null;
    84. 

  84. 

  85.         switch ($object_type) {
    86. 

  86.             case 'post':
    87. 

  87.                 $object = Status::find($object_id);
    88. 

  88.                 if (!$object) {
    89. 

  89.                     return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
    90. 

  90.                 }
    91. 

  91.                 $object_type = 'App\Status';
    92. 

  92.                 $exists = Report::whereUserId($user->id)
    93. 

  93.                     ->whereObjectId($object->id)
    94. 

  94.                     ->whereObjectType('App\Status')
    95. 

  95.                     ->count();
    96. 

  96. 

  97.                 $rpid = $object->profile_id;
    98. 

  98.             break;
    99. 

  99. 

  100.             case 'user':
    101. 

  101.                 $object = Profile::find($object_id);
    102. 

  102.                 if (!$object) {
    103. 

  103.                     return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
    104. 

  104.                 }
    105. 

  105.                 $object_type = 'App\Profile';
    106. 

  106.                 $exists = Report::whereUserId($user->id)
    107. 

  107.                     ->whereObjectId($object->id)
    108. 

  108.                     ->whereObjectType('App\Profile')
    109. 

  109.                     ->count();
    110. 

  110.                 $rpid = $object->id;
    111. 

  111.             break;
    112. 

  112. 

  113.             default:
    114. 

  114.                 return $this->error("Invalid report type", 400, ["error_code" => "ERROR_REPORT_OBJECT_TYPE_INVALID"]);
    115. 

  115.             break;
    116. 

  116.       }
    117. 

  117. 

  118.         if ($exists !== 0) {
    119. 

  119.             return $this->error("Duplicate report", 400, ["error_code" => "ERROR_REPORT_DUPLICATE"]);
    120. 

  120.         }
    121. 

  121. 

  122.         if ($object->profile_id == $user->profile_id) {
    123. 

  123.             return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
    124. 

  124.         }
    125. 

  125. 

  126.         $report = new Report;
    127. 

  127.         $report->profile_id = $user->profile_id;
    128. 

  128.         $report->user_id = $user->id;
    129. 

  129.         $report->object_id = $object->id;
    130. 

  130.         $report->object_type = $object_type;
    131. 

  131.         $report->reported_profile_id = $rpid;
    132. 

  132.         $report->type = $report_type;
    133. 

  133.         $report->save();
    134. 

  134. 

  135.         $res = [
    136. 

  136.             "msg" => "Successfully sent report",
    137. 

  137.             "code" => 200
    138. 

  138.         ];
    139. 

  139.         return $this->json($res);
    140. 

  140.     }
    141. 

  141. 

  142.     /**
    143. 

  143.      * DELETE /api/v1.1/accounts/avatar
    144. 

  144.      *
    145. 

  145.      * @return \App\Transformer\Api\AccountTransformer
    146. 

  146.      */
    147. 

  147.     public function deleteAvatar(Request $request)
    148. 

  148.     {
    149. 

  149.         $user = $request->user();
    150. 

  150. 

  151.         abort_if(!$user, 403);
    152. 

  152.         abort_if($user->status != null, 403);
    153. 

  153. 

  154.         $avatar = $user->profile->avatar;
    155. 

  155. 

  156.         if( $avatar->media_path == 'public/avatars/default.png' ||
    157. 

  157.             $avatar->media_path == 'public/avatars/default.jpg'
    158. 

  158.         ) {
    159. 

  159.             return AccountService::get($user->profile_id);
    160. 

  160.         }
    161. 

  161. 

  162.         if(is_file(storage_path('app/' . $avatar->media_path))) {
    163. 

  163.             @unlink(storage_path('app/' . $avatar->media_path));
    164. 

  164.         }
    165. 

  165. 

  166.         $avatar->media_path = 'public/avatars/default.jpg';
    167. 

  167.         $avatar->change_count = $avatar->change_count + 1;
    168. 

  168.         $avatar->save();
    169. 

  169. 

  170.         Cache::forget('avatar:' . $user->profile_id);
    171. 

  171.         Cache::forget("avatar:{$user->profile_id}");
    172. 

  172.         Cache::forget('user:account:id:'.$user->id);
    173. 

  173.         AccountService::del($user->profile_id);
    174. 

  174. 

  175.         return AccountService::get($user->profile_id);
    176. 

  176.     }
    177. 

  177. 

  178.     /**
    179. 

  179.      * GET /api/v1.1/accounts/{id}/posts
    180. 

  180.      *
    181. 

  181.      * @return \App\Transformer\Api\StatusTransformer
    182. 

  182.      */
    183. 

  183.     public function accountPosts(Request $request, $id)
    184. 

  184.     {
    185. 

  185.         $user = $request->user();
    186. 

  186. 

  187.         abort_if(!$user, 403);
    188. 

  188.         abort_if($user->status != null, 403);
    189. 

  189. 

  190.         $account = AccountService::get($id);
    191. 

  191. 

  192.         if(!$account || $account['username'] !== $request->input('username')) {
    193. 

  193.             return $this->json([]);
    194. 

  194.         }
    195. 

  195. 

  196.         $posts = ProfileStatusService::get($id);
    197. 

  197. 

  198.         if(!$posts) {
    199. 

  199.             return $this->json([]);
    200. 

  200.         }
    201. 

  201. 

  202.         $res = collect($posts)
    203. 

  203.             ->map(function($id) {
    204. 

  204.                 return StatusService::get($id);
    205. 

  205.             })
    206. 

  206.             ->filter(function($post) {
    207. 

  207.                 return $post && isset($post['account']);
    208. 

  208.             })
    209. 

  209.             ->toArray();
    210. 

  210. 

  211.         return $this->json($res);
    212. 

  212.     }
    213. 

  213. 

  214.     /**
    215. 

  215.      * POST /api/v1.1/accounts/change-password
    216. 

  216.      *
    217. 

  217.      * @return \App\Transformer\Api\AccountTransformer
    218. 

  218.      */
    219. 

  219.     public function accountChangePassword(Request $request)
    220. 

  220.     {
    221. 

  221.         $user = $request->user();
    222. 

  222.         abort_if(!$user, 403);
    223. 

  223.         abort_if($user->status != null, 403);
    224. 

  224. 

  225.         $this->validate($request, [
    226. 

  226.             'current_password' => 'bail|required|current_password',
    227. 

  227.             'new_password' => 'required|min:' . config('pixelfed.min_password_length', 8),
    228. 

  228.             'confirm_password' => 'required|same:new_password'
    229. 

  229.         ],[
    230. 

  230.             'current_password' => 'The password you entered is incorrect'
    231. 

  231.         ]);
    232. 

  232. 

  233.         $user->password = bcrypt($request->input('new_password'));
    234. 

  234.         $user->save();
    235. 

  235. 

  236.         $log = new AccountLog;
    237. 

  237.         $log->user_id = $user->id;
    238. 

  238.         $log->item_id = $user->id;
    239. 

  239.         $log->item_type = 'App\User';
    240. 

  240.         $log->action = 'account.edit.password';
    241. 

  241.         $log->message = 'Password changed';
    242. 

  242.         $log->link = null;
    243. 

  243.         $log->ip_address = $request->ip();
    244. 

  244.         $log->user_agent = $request->userAgent();
    245. 

  245.         $log->save();
    246. 

  246. 

  247.         Mail::to($request->user())->send(new PasswordChange($user));
    248. 

  248. 

  249.         return $this->json(AccountService::get($user->profile_id));
    250. 

  250.     }
    251. 

  251. 

  252.     /**
    253. 

  253.      * GET /api/v1.1/accounts/login-activity
    254. 

  254.      *
    255. 

  255.      * @return array
    256. 

  256.      */
    257. 

  257.     public function accountLoginActivity(Request $request)
    258. 

  258.     {
    259. 

  259.         $user = $request->user();
    260. 

  260.         abort_if(!$user, 403);
    261. 

  261.         abort_if($user->status != null, 403);
    262. 

  262.         $agent = new Agent();
    263. 

  263.         $currentIp = $request->ip();
    264. 

  264. 

  265.         $activity = AccountLog::whereUserId($user->id)
    266. 

  266.             ->whereAction('auth.login')
    267. 

  267.             ->orderBy('created_at', 'desc')
    268. 

  268.             ->groupBy('ip_address')
    269. 

  269.             ->limit(10)
    270. 

  270.             ->get()
    271. 

  271.             ->map(function($item) use($agent, $currentIp) {
    272. 

  272.                 $agent->setUserAgent($item->user_agent);
    273. 

  273.                 return [
    274. 

  274.                     'id' => $item->id,
    275. 

  275.                     'action' => $item->action,
    276. 

  276.                     'ip' => $item->ip_address,
    277. 

  277.                     'ip_current' => $item->ip_address === $currentIp,
    278. 

  278.                     'is_mobile' => $agent->isMobile(),
    279. 

  279.                     'device' => $agent->device(),
    280. 

  280.                     'browser' => $agent->browser(),
    281. 

  281.                     'platform' => $agent->platform(),
    282. 

  282.                     'created_at' => $item->created_at->format('c')
    283. 

  283.                 ];
    284. 

  284.             });
    285. 

  285. 

  286.         return $this->json($activity);
    287. 

  287.     }
    288. 

  288. 

  289.     /**
    290. 

  290.      * GET /api/v1.1/accounts/two-factor
    291. 

  291.      *
    292. 

  292.      * @return array
    293. 

  293.      */
    294. 

  294.     public function accountTwoFactor(Request $request)
    295. 

  295.     {
    296. 

  296.         $user = $request->user();
    297. 

  297.         abort_if(!$user, 403);
    298. 

  298.         abort_if($user->status != null, 403);
    299. 

  299. 

  300.         $res = [
    301. 

  301.             'active' => (bool) $user->{'2fa_enabled'},
    302. 

  302.             'setup_at' => $user->{'2fa_setup_at'}
    303. 

  303.         ];
    304. 

  304.         return $this->json($res);
    305. 

  305.     }
    306. 

  306. 

  307.     /**
    308. 

  308.      * GET /api/v1.1/accounts/emails-from-pixelfed
    309. 

  309.      *
    310. 

  310.      * @return array
    311. 

  311.      */
    312. 

  312.     public function accountEmailsFromPixelfed(Request $request)
    313. 

  313.     {
    314. 

  314.         $user = $request->user();
    315. 

  315.         abort_if(!$user, 403);
    316. 

  316.         abort_if($user->status != null, 403);
    317. 

  317.         $from = config('mail.from.address');
    318. 

  318. 

  319.         $emailVerifications = EmailVerification::whereUserId($user->id)
    320. 

  320.             ->orderByDesc('id')
    321. 

  321.             ->where('created_at', '>', now()->subDays(14))
    322. 

  322.             ->limit(10)
    323. 

  323.             ->get()
    324. 

  324.             ->map(function($mail) use($user, $from) {
    325. 

  325.                 return [
    326. 

  326.                     'type' => 'Email Verification',
    327. 

  327.                     'subject' => 'Confirm Email',
    328. 

  328.                     'to_address' => $user->email,
    329. 

  329.                     'from_address' => $from,
    330. 

  330.                     'created_at' => str_replace('@', 'at', $mail->created_at->format('M j, Y @ g:i:s A'))
    331. 

  331.                 ];
    332. 

  332.             })
    333. 

  333.             ->toArray();
    334. 

  334. 

  335.         $passwordResets = DB::table('password_resets')
    336. 

  336.             ->whereEmail($user->email)
    337. 

  337.             ->where('created_at', '>', now()->subDays(14))
    338. 

  338.             ->orderByDesc('created_at')
    339. 

  339.             ->limit(10)
    340. 

  340.             ->get()
    341. 

  341.             ->map(function($mail) use($user, $from) {
    342. 

  342.                 return [
    343. 

  343.                     'type' => 'Password Reset',
    344. 

  344.                     'subject' => 'Reset Password Notification',
    345. 

  345.                     'to_address' => $user->email,
    346. 

  346.                     'from_address' => $from,
    347. 

  347.                     'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
    348. 

  348.                 ];
    349. 

  349.             })
    350. 

  350.             ->toArray();
    351. 

  351. 

  352.         $passwordChanges = AccountLog::whereUserId($user->id)
    353. 

  353.             ->whereAction('account.edit.password')
    354. 

  354.             ->where('created_at', '>', now()->subDays(14))
    355. 

  355.             ->orderByDesc('created_at')
    356. 

  356.             ->limit(10)
    357. 

  357.             ->get()
    358. 

  358.             ->map(function($mail) use($user, $from) {
    359. 

  359.                 return [
    360. 

  360.                     'type' => 'Password Change',
    361. 

  361.                     'subject' => 'Password Change',
    362. 

  362.                     'to_address' => $user->email,
    363. 

  363.                     'from_address' => $from,
    364. 

  364.                     'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
    365. 

  365.                 ];
    366. 

  366.             })
    367. 

  367.             ->toArray();
    368. 

  368. 

  369.         $res = collect([])
    370. 

  370.             ->merge($emailVerifications)
    371. 

  371.             ->merge($passwordResets)
    372. 

  372.             ->merge($passwordChanges)
    373. 

  373.             ->sortByDesc('created_at')
    374. 

  374.             ->values();
    375. 

  375. 

  376.         return $this->json($res);
    377. 

  377.     }
    378. 

  378. 

  379. 

  380.     /**
    381. 

  381.      * GET /api/v1.1/accounts/apps-and-applications
    382. 

  382.      *
    383. 

  383.      * @return array
    384. 

  384.      */
    385. 

  385.     public function accountApps(Request $request)
    386. 

  386.     {
    387. 

  387.         $user = $request->user();
    388. 

  388.         abort_if(!$user, 403);
    389. 

  389.         abort_if($user->status != null, 403);
    390. 

  390. 

  391.         $res = $user->tokens->map(function($token, $key) {
    392. 

  392.             return [
    393. 

  393.                 'id' => $key + 1,
    394. 

  394.                 'did' => encrypt($token->id),
    395. 

  395.                 'name' => $token->name,
    396. 

  396.                 'scopes' => $token->scopes,
    397. 

  397.                 'revoked' => $token->revoked,
    398. 

  398.                 'created_at' => $token->created_at,
    399. 

  399.                 'expires_at' => $token->expires_at
    400. 

  400.             ];
    401. 

  401.         });
    402. 

  402. 

  403.         return $this->json($res);
    404. 

  404.     }
    405. 

  405. }
    406.