StatusController.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Jobs\ImageOptimizePipeline\ImageOptimize;
  4. use App\Jobs\StatusPipeline\NewStatusPipeline;
  5. use App\Jobs\StatusPipeline\StatusDelete;
  6. use App\Jobs\SharePipeline\SharePipeline;
  7. use App\AccountInterstitial;
  8. use App\Media;
  9. use App\Profile;
  10. use App\Status;
  11. use App\Transformer\ActivityPub\StatusTransformer;
  12. use App\Transformer\ActivityPub\Verb\Note;
  13. use App\User;
  14. use Auth, Cache;
  15. use Illuminate\Http\Request;
  16. use League\Fractal;
  17. use App\Util\Media\Filter;
  18. use Illuminate\Support\Str;
  19. use App\Services\HashidService;
  20. class StatusController extends Controller
  21. {
  22. public function show(Request $request, $username, int $id)
  23. {
  24. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  25. if($user->status != null) {
  26. return ProfileController::accountCheck($user);
  27. }
  28. $status = Status::whereProfileId($user->id)
  29. ->whereNull('reblog_of_id')
  30. ->whereNotIn('visibility',['draft','direct'])
  31. ->findOrFail($id);
  32. if($status->uri || $status->url) {
  33. $url = $status->uri ?? $status->url;
  34. if(ends_with($url, '/activity')) {
  35. $url = str_replace('/activity', '', $url);
  36. }
  37. return redirect($url);
  38. }
  39. if($status->visibility == 'private' || $user->is_private) {
  40. if(!Auth::check()) {
  41. abort(404);
  42. }
  43. $pid = Auth::user()->profile;
  44. if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
  45. abort(404);
  46. }
  47. }
  48. if($status->type == 'archived') {
  49. if(Auth::user()->profile_id !== $status->profile_id) {
  50. abort(404);
  51. }
  52. }
  53. if ($request->wantsJson() && config('federation.activitypub.enabled')) {
  54. return $this->showActivityPub($request, $status);
  55. }
  56. $template = $status->in_reply_to_id ? 'status.reply' : 'status.show';
  57. return view($template, compact('user', 'status'));
  58. }
  59. public function shortcodeRedirect(Request $request, $id)
  60. {
  61. abort_if(strlen($id) < 5, 404);
  62. if(!Auth::check()) {
  63. return redirect('/login?next='.urlencode('/' . $request->path()));
  64. }
  65. $id = HashidService::decode($id);
  66. $status = Status::find($id);
  67. if(!$status) {
  68. return redirect('/404');
  69. }
  70. return redirect($status->url());
  71. }
  72. public function showId(int $id)
  73. {
  74. abort(404);
  75. $status = Status::whereNull('reblog_of_id')
  76. ->whereIn('scope', ['public', 'unlisted'])
  77. ->findOrFail($id);
  78. return redirect($status->url());
  79. }
  80. public function showEmbed(Request $request, $username, int $id)
  81. {
  82. $profile = Profile::whereNull(['domain','status'])
  83. ->whereIsPrivate(false)
  84. ->whereUsername($username)
  85. ->first();
  86. if(!$profile) {
  87. $content = view('status.embed-removed');
  88. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  89. }
  90. $status = Status::whereProfileId($profile->id)
  91. ->whereNull('uri')
  92. ->whereScope('public')
  93. ->whereIsNsfw(false)
  94. ->whereIn('type', ['photo', 'video','photo:album'])
  95. ->find($id);
  96. if(!$status) {
  97. $content = view('status.embed-removed');
  98. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  99. }
  100. $showLikes = $request->filled('likes') && $request->likes == true;
  101. $showCaption = $request->filled('caption') && $request->caption !== false;
  102. $layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
  103. $content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
  104. return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
  105. }
  106. public function showObject(Request $request, $username, int $id)
  107. {
  108. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  109. if($user->status != null) {
  110. return ProfileController::accountCheck($user);
  111. }
  112. $status = Status::whereProfileId($user->id)
  113. ->whereNotIn('visibility',['draft','direct'])
  114. ->findOrFail($id);
  115. abort_if($status->uri, 404);
  116. if($status->visibility == 'private' || $user->is_private) {
  117. if(!Auth::check()) {
  118. abort(403);
  119. }
  120. $pid = Auth::user()->profile;
  121. if($user->followedBy($pid) == false && $user->id !== $pid->id) {
  122. abort(403);
  123. }
  124. }
  125. return $this->showActivityPub($request, $status);
  126. }
  127. public function compose()
  128. {
  129. $this->authCheck();
  130. return view('status.compose');
  131. }
  132. public function store(Request $request)
  133. {
  134. return;
  135. }
  136. public function delete(Request $request)
  137. {
  138. $this->authCheck();
  139. $this->validate($request, [
  140. 'item' => 'required|integer|min:1',
  141. ]);
  142. $status = Status::findOrFail($request->input('item'));
  143. $user = Auth::user();
  144. if($status->profile_id != $user->profile->id &&
  145. $user->is_admin == true &&
  146. $status->uri == null
  147. ) {
  148. $media = $status->media;
  149. $ai = new AccountInterstitial;
  150. $ai->user_id = $status->profile->user_id;
  151. $ai->type = 'post.removed';
  152. $ai->view = 'account.moderation.post.removed';
  153. $ai->item_type = 'App\Status';
  154. $ai->item_id = $status->id;
  155. $ai->has_media = (bool) $media->count();
  156. $ai->blurhash = $media->count() ? $media->first()->blurhash : null;
  157. $ai->meta = json_encode([
  158. 'caption' => $status->caption,
  159. 'created_at' => $status->created_at,
  160. 'type' => $status->type,
  161. 'url' => $status->url(),
  162. 'is_nsfw' => $status->is_nsfw,
  163. 'scope' => $status->scope,
  164. 'reblog' => $status->reblog_of_id,
  165. 'likes_count' => $status->likes_count,
  166. 'reblogs_count' => $status->reblogs_count,
  167. ]);
  168. $ai->save();
  169. $u = $status->profile->user;
  170. $u->has_interstitial = true;
  171. $u->save();
  172. }
  173. Cache::forget('_api:statuses:recent_9:' . $status->profile_id);
  174. if ($status->profile_id == $user->profile->id || $user->is_admin == true) {
  175. Cache::forget('profile:status_count:'.$status->profile_id);
  176. StatusDelete::dispatch($status);
  177. }
  178. if($request->wantsJson()) {
  179. return response()->json(['Status successfully deleted.']);
  180. } else {
  181. return redirect($user->url());
  182. }
  183. }
  184. public function storeShare(Request $request)
  185. {
  186. $this->authCheck();
  187. $this->validate($request, [
  188. 'item' => 'required|integer|min:1',
  189. ]);
  190. $user = Auth::user();
  191. $profile = $user->profile;
  192. $status = Status::withCount('shares')
  193. ->whereIn('scope', ['public', 'unlisted'])
  194. ->findOrFail($request->input('item'));
  195. $count = $status->shares()->count();
  196. $exists = Status::whereProfileId(Auth::user()->profile->id)
  197. ->whereReblogOfId($status->id)
  198. ->count();
  199. if ($exists !== 0) {
  200. $shares = Status::whereProfileId(Auth::user()->profile->id)
  201. ->whereReblogOfId($status->id)
  202. ->get();
  203. foreach ($shares as $share) {
  204. $share->delete();
  205. $count--;
  206. }
  207. } else {
  208. $share = new Status();
  209. $share->profile_id = $profile->id;
  210. $share->reblog_of_id = $status->id;
  211. $share->in_reply_to_profile_id = $status->profile_id;
  212. $share->save();
  213. $count++;
  214. SharePipeline::dispatch($share);
  215. }
  216. if($count >= 0) {
  217. $status->reblogs_count = $count;
  218. $status->save();
  219. }
  220. Cache::forget('status:'.$status->id.':sharedby:userid:'.$user->id);
  221. if ($request->ajax()) {
  222. $response = ['code' => 200, 'msg' => 'Share saved', 'count' => $count];
  223. } else {
  224. $response = redirect($status->url());
  225. }
  226. return $response;
  227. }
  228. public function showActivityPub(Request $request, $status)
  229. {
  230. $fractal = new Fractal\Manager();
  231. $resource = new Fractal\Resource\Item($status, new Note());
  232. $res = $fractal->createData($resource)->toArray();
  233. return response()->json($res['data'], 200, ['Content-Type' => 'application/activity+json'], JSON_PRETTY_PRINT);
  234. }
  235. public function edit(Request $request, $username, $id)
  236. {
  237. $this->authCheck();
  238. $user = Auth::user()->profile;
  239. $status = Status::whereProfileId($user->id)
  240. ->with(['media'])
  241. ->where('created_at', '>', now()->subHours(24))
  242. ->findOrFail($id);
  243. return view('status.edit', compact('user', 'status'));
  244. }
  245. public function editStore(Request $request, $username, $id)
  246. {
  247. $this->authCheck();
  248. $user = Auth::user()->profile;
  249. $status = Status::whereProfileId($user->id)
  250. ->with(['media'])
  251. ->where('created_at', '>', now()->subHours(24))
  252. ->findOrFail($id);
  253. $this->validate($request, [
  254. 'id' => 'required|integer|min:1',
  255. 'caption' => 'nullable',
  256. 'filter' => 'nullable|alpha_dash|max:30',
  257. ]);
  258. $id = $request->input('id');
  259. $caption = $request->input('caption');
  260. $filter = $request->input('filter');
  261. $media = Media::whereProfileId($user->id)
  262. ->whereStatusId($status->id)
  263. ->findOrFail($id);
  264. $changed = false;
  265. if ($media->caption != $caption) {
  266. $media->caption = $caption;
  267. $changed = true;
  268. }
  269. if ($media->filter_class != $filter && in_array($filter, Filter::classes())) {
  270. $media->filter_class = $filter;
  271. $changed = true;
  272. }
  273. if ($changed === true) {
  274. $media->save();
  275. Cache::forget('status:transformer:media:attachments:'.$media->status_id);
  276. }
  277. return response()->json([], 200);
  278. }
  279. protected function authCheck()
  280. {
  281. if (Auth::check() == false) {
  282. abort(403);
  283. }
  284. }
  285. protected function validateVisibility($visibility)
  286. {
  287. $allowed = ['public', 'unlisted', 'private'];
  288. return in_array($visibility, $allowed) ? $visibility : 'public';
  289. }
  290. public static function mimeTypeCheck($mimes)
  291. {
  292. $allowed = explode(',', config('pixelfed.media_types'));
  293. $count = count($mimes);
  294. $photos = 0;
  295. $videos = 0;
  296. foreach($mimes as $mime) {
  297. if(in_array($mime, $allowed) == false && $mime !== 'video/mp4') {
  298. continue;
  299. }
  300. if(str_contains($mime, 'image/')) {
  301. $photos++;
  302. }
  303. if(str_contains($mime, 'video/')) {
  304. $videos++;
  305. }
  306. }
  307. if($photos == 1 && $videos == 0) {
  308. return 'photo';
  309. }
  310. if($videos == 1 && $photos == 0) {
  311. return 'video';
  312. }
  313. if($photos > 1 && $videos == 0) {
  314. return 'photo:album';
  315. }
  316. if($videos > 1 && $photos == 0) {
  317. return 'video:album';
  318. }
  319. if($photos >= 1 && $videos >= 1) {
  320. return 'photo:video:album';
  321. }
  322. }
  323. public function toggleVisibility(Request $request) {
  324. $this->authCheck();
  325. $this->validate($request, [
  326. 'item' => 'required|string|min:1|max:20',
  327. 'disableComments' => 'required|boolean'
  328. ]);
  329. $user = Auth::user();
  330. $id = $request->input('item');
  331. $state = $request->input('disableComments');
  332. $status = Status::findOrFail($id);
  333. if($status->profile_id != $user->profile->id && $user->is_admin == false) {
  334. abort(403);
  335. }
  336. $status->comments_disabled = $status->comments_disabled == true ? false : true;
  337. $status->save();
  338. return response()->json([200]);
  339. }
  340. }