StatusController.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Jobs\ImageOptimizePipeline\ImageOptimize;
  4. use App\Jobs\StatusPipeline\NewStatusPipeline;
  5. use App\Jobs\StatusPipeline\StatusDelete;
  6. use App\Jobs\SharePipeline\SharePipeline;
  7. use App\Media;
  8. use App\Profile;
  9. use App\Status;
  10. use App\Transformer\ActivityPub\StatusTransformer;
  11. use App\Transformer\ActivityPub\Verb\Note;
  12. use App\User;
  13. use Auth, Cache;
  14. use Illuminate\Http\Request;
  15. use League\Fractal;
  16. use App\Util\Media\Filter;
  17. use Illuminate\Support\Str;
  18. class StatusController extends Controller
  19. {
  20. public function show(Request $request, $username, int $id)
  21. {
  22. // $id = strlen($id) < 17 ? array_first(\Hashids::decode($id)) : $id;
  23. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  24. if($user->status != null) {
  25. return ProfileController::accountCheck($user);
  26. }
  27. $status = Status::whereProfileId($user->id)
  28. ->whereNotIn('visibility',['draft','direct'])
  29. ->findOrFail($id);
  30. if($status->uri) {
  31. $url = $status->uri;
  32. if(ends_with($url, '/activity')) {
  33. $url = str_replace('/activity', '', $url);
  34. }
  35. return redirect($url);
  36. }
  37. if($status->visibility == 'private' || $user->is_private) {
  38. if(!Auth::check()) {
  39. abort(404);
  40. }
  41. $pid = Auth::user()->profile;
  42. if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
  43. abort(404);
  44. }
  45. }
  46. if ($request->wantsJson() && config('federation.activitypub.enabled')) {
  47. return $this->showActivityPub($request, $status);
  48. }
  49. $template = $status->in_reply_to_id ? 'status.reply' : 'status.show';
  50. return view($template, compact('user', 'status'));
  51. }
  52. public function showObject(Request $request, $username, int $id)
  53. {
  54. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  55. if($user->status != null) {
  56. return ProfileController::accountCheck($user);
  57. }
  58. $status = Status::whereProfileId($user->id)
  59. ->whereNotIn('visibility',['draft','direct'])
  60. ->findOrFail($id);
  61. if($status->uri) {
  62. $url = $status->uri;
  63. if(ends_with($url, '/activity')) {
  64. $url = str_replace('/activity', '', $url);
  65. }
  66. return redirect($url);
  67. }
  68. if($status->visibility == 'private' || $user->is_private) {
  69. if(!Auth::check()) {
  70. abort(403);
  71. }
  72. $pid = Auth::user()->profile;
  73. if($user->followedBy($pid) == false && $user->id !== $pid->id) {
  74. abort(403);
  75. }
  76. }
  77. return $this->showActivityPub($request, $status);
  78. }
  79. public function compose()
  80. {
  81. $this->authCheck();
  82. return view('status.compose');
  83. }
  84. public function store(Request $request)
  85. {
  86. return;
  87. $this->authCheck();
  88. $user = Auth::user();
  89. $size = Media::whereUserId($user->id)->sum('size') / 1000;
  90. $limit = (int) config('pixelfed.max_account_size');
  91. if ($size >= $limit) {
  92. return redirect()->back()->with('error', 'You have exceeded your storage limit. Please click <a href="#">here</a> for more info.');
  93. }
  94. $this->validate($request, [
  95. 'photo.*' => 'required|mimetypes:' . config('pixelfed.media_types').'|max:' . config('pixelfed.max_photo_size'),
  96. 'caption' => 'nullable|string|max:'.config('pixelfed.max_caption_length'),
  97. 'cw' => 'nullable|string',
  98. 'filter_class' => 'nullable|alpha_dash|max:30',
  99. 'filter_name' => 'nullable|string',
  100. 'visibility' => 'required|string|min:5|max:10',
  101. ]);
  102. if (count($request->file('photo')) > config('pixelfed.max_album_length')) {
  103. return redirect()->back()->with('error', 'Too many files, max limit per post: '.config('pixelfed.max_album_length'));
  104. }
  105. $cw = $request->filled('cw') && $request->cw == 'on' ? true : false;
  106. $monthHash = hash('sha1', date('Y').date('m'));
  107. $userHash = hash('sha1', $user->id.(string) $user->created_at);
  108. $profile = $user->profile;
  109. $visibility = $this->validateVisibility($request->visibility);
  110. $cw = $profile->cw == true ? true : $cw;
  111. $visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
  112. if(config('costar.enabled') == true) {
  113. $blockedKeywords = config('costar.keyword.block');
  114. if($blockedKeywords !== null) {
  115. $keywords = config('costar.keyword.block');
  116. foreach($keywords as $kw) {
  117. if(Str::contains($request->caption, $kw) == true) {
  118. abort(400, 'Invalid object');
  119. }
  120. }
  121. }
  122. }
  123. $status = new Status();
  124. $status->profile_id = $profile->id;
  125. $status->caption = strip_tags($request->caption);
  126. $status->is_nsfw = $cw;
  127. // TODO: remove deprecated visibility in favor of scope
  128. $status->visibility = $visibility;
  129. $status->scope = $visibility;
  130. $status->save();
  131. $photos = $request->file('photo');
  132. $order = 1;
  133. $mimes = [];
  134. $medias = 0;
  135. foreach ($photos as $k => $v) {
  136. $allowedMimes = explode(',', config('pixelfed.media_types'));
  137. if(in_array($v->getMimeType(), $allowedMimes) == false) {
  138. continue;
  139. }
  140. $filter_class = $request->input('filter_class');
  141. $filter_name = $request->input('filter_name');
  142. $storagePath = "public/m/{$monthHash}/{$userHash}";
  143. $path = $v->store($storagePath);
  144. $hash = \hash_file('sha256', $v);
  145. $media = new Media();
  146. $media->status_id = $status->id;
  147. $media->profile_id = $profile->id;
  148. $media->user_id = $user->id;
  149. $media->media_path = $path;
  150. $media->original_sha256 = $hash;
  151. $media->size = $v->getSize();
  152. $media->mime = $v->getMimeType();
  153. $media->filter_class = in_array($filter_class, Filter::classes()) ? $filter_class : null;
  154. $media->filter_name = in_array($filter_name, Filter::names()) ? $filter_name : null;
  155. $media->order = $order;
  156. $media->save();
  157. array_push($mimes, $media->mime);
  158. ImageOptimize::dispatch($media);
  159. $order++;
  160. $medias++;
  161. }
  162. if($medias == 0) {
  163. $status->delete();
  164. return;
  165. }
  166. $status->type = (new self)::mimeTypeCheck($mimes);
  167. $status->save();
  168. Cache::forget('profile:status_count:'.$profile->id);
  169. NewStatusPipeline::dispatch($status);
  170. // TODO: Send to subscribers
  171. return redirect($status->url());
  172. }
  173. public function delete(Request $request)
  174. {
  175. $this->authCheck();
  176. $this->validate($request, [
  177. 'item' => 'required|integer|min:1',
  178. ]);
  179. $status = Status::findOrFail($request->input('item'));
  180. if ($status->profile_id === Auth::user()->profile->id || Auth::user()->is_admin == true) {
  181. Cache::forget('profile:status_count:'.$status->profile_id);
  182. StatusDelete::dispatch($status);
  183. }
  184. if($request->wantsJson()) {
  185. return response()->json(['Status successfully deleted.']);
  186. } else {
  187. return redirect(Auth::user()->url());
  188. }
  189. }
  190. public function storeShare(Request $request)
  191. {
  192. $this->authCheck();
  193. $this->validate($request, [
  194. 'item' => 'required|integer|min:1',
  195. ]);
  196. $user = Auth::user();
  197. $profile = $user->profile;
  198. $status = Status::withCount('shares')->findOrFail($request->input('item'));
  199. $count = $status->shares_count;
  200. $exists = Status::whereProfileId(Auth::user()->profile->id)
  201. ->whereReblogOfId($status->id)
  202. ->count();
  203. if ($exists !== 0) {
  204. $shares = Status::whereProfileId(Auth::user()->profile->id)
  205. ->whereReblogOfId($status->id)
  206. ->get();
  207. foreach ($shares as $share) {
  208. $share->delete();
  209. $count--;
  210. }
  211. } else {
  212. $share = new Status();
  213. $share->profile_id = $profile->id;
  214. $share->reblog_of_id = $status->id;
  215. $share->in_reply_to_profile_id = $status->profile_id;
  216. $share->save();
  217. $count++;
  218. SharePipeline::dispatch($share);
  219. }
  220. if($count >= 0) {
  221. $status->reblogs_count = $count;
  222. $status->save();
  223. }
  224. Cache::forget('status:'.$status->id.':sharedby:userid:'.$user->id);
  225. if ($request->ajax()) {
  226. $response = ['code' => 200, 'msg' => 'Share saved', 'count' => $count];
  227. } else {
  228. $response = redirect($status->url());
  229. }
  230. return $response;
  231. }
  232. public function showActivityPub(Request $request, $status)
  233. {
  234. $fractal = new Fractal\Manager();
  235. $resource = new Fractal\Resource\Item($status, new Note());
  236. $res = $fractal->createData($resource)->toArray();
  237. return response(json_encode($res['data']))->header('Content-Type', 'application/activity+json');
  238. }
  239. public function edit(Request $request, $username, $id)
  240. {
  241. $this->authCheck();
  242. $user = Auth::user()->profile;
  243. $status = Status::whereProfileId($user->id)
  244. ->with(['media'])
  245. ->findOrFail($id);
  246. return view('status.edit', compact('user', 'status'));
  247. }
  248. public function editStore(Request $request, $username, $id)
  249. {
  250. $this->authCheck();
  251. $user = Auth::user()->profile;
  252. $status = Status::whereProfileId($user->id)
  253. ->with(['media'])
  254. ->findOrFail($id);
  255. $this->validate($request, [
  256. 'id' => 'required|integer|min:1',
  257. 'caption' => 'nullable',
  258. 'filter' => 'nullable|alpha_dash|max:30',
  259. ]);
  260. $id = $request->input('id');
  261. $caption = $request->input('caption');
  262. $filter = $request->input('filter');
  263. $media = Media::whereProfileId($user->id)
  264. ->whereStatusId($status->id)
  265. ->find($id);
  266. $changed = false;
  267. if ($media->caption != $caption) {
  268. $media->caption = $caption;
  269. $changed = true;
  270. }
  271. if ($media->filter_class != $filter) {
  272. $media->filter_class = $filter;
  273. $changed = true;
  274. }
  275. if ($changed === true) {
  276. $media->save();
  277. Cache::forget('status:transformer:media:attachments:'.$media->status_id);
  278. }
  279. return response()->json([], 200);
  280. }
  281. protected function authCheck()
  282. {
  283. if (Auth::check() == false) {
  284. abort(403);
  285. }
  286. }
  287. protected function validateVisibility($visibility)
  288. {
  289. $allowed = ['public', 'unlisted', 'private'];
  290. return in_array($visibility, $allowed) ? $visibility : 'public';
  291. }
  292. public static function mimeTypeCheck($mimes)
  293. {
  294. $allowed = explode(',', config('pixelfed.media_types'));
  295. $count = count($mimes);
  296. $photos = 0;
  297. $videos = 0;
  298. foreach($mimes as $mime) {
  299. if(in_array($mime, $allowed) == false && $mime !== 'video/mp4') {
  300. continue;
  301. }
  302. if(str_contains($mime, 'image/')) {
  303. $photos++;
  304. }
  305. if(str_contains($mime, 'video/')) {
  306. $videos++;
  307. }
  308. }
  309. if($photos == 1 && $videos == 0) {
  310. return 'photo';
  311. }
  312. if($videos == 1 && $photos == 0) {
  313. return 'video';
  314. }
  315. if($photos > 1 && $videos == 0) {
  316. return 'photo:album';
  317. }
  318. if($videos > 1 && $photos == 0) {
  319. return 'video:album';
  320. }
  321. if($photos >= 1 && $videos >= 1) {
  322. return 'photo:video:album';
  323. }
  324. }
  325. public function toggleVisibility(Request $request) {
  326. $this->authCheck();
  327. $this->validate($request, [
  328. 'item' => 'required|string|min:1|max:20',
  329. 'disableComments' => 'required|boolean'
  330. ]);
  331. $user = Auth::user();
  332. $id = $request->input('item');
  333. $state = $request->input('disableComments');
  334. $status = Status::findOrFail($id);
  335. if($status->profile_id != $user->profile->id && $user->is_admin == false) {
  336. abort(403);
  337. }
  338. $status->comments_disabled = $status->comments_disabled == true ? false : true;
  339. $status->save();
  340. return response()->json([200]);
  341. }
  342. }