StatusController.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\AccountInterstitial;
  4. use App\Jobs\SharePipeline\SharePipeline;
  5. use App\Jobs\SharePipeline\UndoSharePipeline;
  6. use App\Jobs\StatusPipeline\RemoteStatusDelete;
  7. use App\Jobs\StatusPipeline\StatusDelete;
  8. use App\Profile;
  9. use App\Services\AccountService;
  10. use App\Services\HashidService;
  11. use App\Services\ReblogService;
  12. use App\Services\StatusService;
  13. use App\Status;
  14. use App\StatusView;
  15. use App\Transformer\ActivityPub\Verb\Note;
  16. use App\Transformer\ActivityPub\Verb\Question;
  17. use App\Util\Media\License;
  18. use Auth;
  19. use Cache;
  20. use DB;
  21. use Illuminate\Http\Request;
  22. use League\Fractal;
  23. class StatusController extends Controller
  24. {
  25. public function show(Request $request, $username, $id)
  26. {
  27. // redirect authed users to Metro 2.0
  28. if ($request->user()) {
  29. // unless they force static view
  30. if (! $request->has('fs') || $request->input('fs') != '1') {
  31. return redirect('/i/web/post/'.$id);
  32. }
  33. }
  34. $status = StatusService::get($id, false);
  35. abort_if(
  36. ! $status ||
  37. ! isset($status['account'], $status['account']['username']) ||
  38. $status['account']['username'] != $username ||
  39. isset($status['reblog']), 404);
  40. abort_if(! in_array($status['visibility'], ['public', 'unlisted']) && ! $request->user(), 403, 'Invalid permission');
  41. if ($request->wantsJson() && (bool) config_cache('federation.activitypub.enabled')) {
  42. return $this->showActivityPub($request, $status);
  43. }
  44. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  45. if ($user->status != null) {
  46. return ProfileController::accountCheck($user);
  47. }
  48. $status = Status::whereProfileId($user->id)
  49. ->whereNull('reblog_of_id')
  50. ->whereIn('scope', ['public', 'unlisted', 'private'])
  51. ->findOrFail($id);
  52. if ($status->uri || $status->url) {
  53. $url = $status->uri ?? $status->url;
  54. if (ends_with($url, '/activity')) {
  55. $url = str_replace('/activity', '', $url);
  56. }
  57. return redirect($url);
  58. }
  59. if ($status->visibility == 'private' || $user->is_private) {
  60. if (! Auth::check()) {
  61. abort(404);
  62. }
  63. $pid = Auth::user()->profile;
  64. if ($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
  65. abort(404);
  66. }
  67. }
  68. if ($status->type == 'archived') {
  69. if (Auth::user()->profile_id !== $status->profile_id) {
  70. abort(404);
  71. }
  72. }
  73. $template = $status->in_reply_to_id ? 'status.reply' : 'status.show';
  74. return view($template, compact('user', 'status'));
  75. }
  76. public function shortcodeRedirect(Request $request, $id)
  77. {
  78. $hid = HashidService::decode($id);
  79. abort_if(! $hid, 404);
  80. return redirect('/i/web/post/'.$hid);
  81. }
  82. public function showId(int $id)
  83. {
  84. abort(404);
  85. $status = Status::whereNull('reblog_of_id')
  86. ->whereIn('scope', ['public', 'unlisted'])
  87. ->findOrFail($id);
  88. return redirect($status->url());
  89. }
  90. public function showEmbed(Request $request, $username, int $id)
  91. {
  92. if (! (bool) config_cache('instance.embed.post')) {
  93. $res = view('status.embed-removed');
  94. return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
  95. }
  96. $status = StatusService::get($id);
  97. if (
  98. ! $status ||
  99. ! isset($status['account'], $status['account']['id'], $status['local']) ||
  100. ! $status['local'] ||
  101. strtolower($status['account']['username']) !== strtolower($username) ||
  102. isset($status['account']['moved'], $status['account']['moved']['id'])
  103. ) {
  104. $content = view('status.embed-removed');
  105. return response($content, 404)->header('X-Frame-Options', 'ALLOWALL');
  106. }
  107. $profile = AccountService::get($status['account']['id'], true);
  108. if (! $profile || $profile['locked'] || ! $profile['local']) {
  109. $content = view('status.embed-removed');
  110. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  111. }
  112. $embedCheck = AccountService::canEmbed($profile['id']);
  113. if (! $embedCheck) {
  114. $content = view('status.embed-removed');
  115. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  116. }
  117. $aiCheck = Cache::remember('profile:ai-check:spam-login:'.$profile['id'], 3600, function () use ($profile) {
  118. $user = Profile::find($profile['id']);
  119. if (! $user) {
  120. return true;
  121. }
  122. $exists = AccountInterstitial::whereUserId($user->user_id)->where('is_spam', 1)->count();
  123. if ($exists) {
  124. return true;
  125. }
  126. return false;
  127. });
  128. if ($aiCheck) {
  129. $res = view('status.embed-removed');
  130. return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
  131. }
  132. $status = StatusService::get($id);
  133. if (
  134. ! $status ||
  135. ! isset($status['account'], $status['account']['id']) ||
  136. intval($status['account']['id']) !== intval($profile['id']) ||
  137. $status['sensitive'] ||
  138. $status['visibility'] !== 'public' ||
  139. ! in_array($status['pf_type'], ['photo', 'photo:album'])
  140. ) {
  141. $content = view('status.embed-removed');
  142. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  143. }
  144. $showLikes = $request->filled('likes') && $request->likes == true;
  145. $showCaption = $request->filled('caption') && $request->caption !== false;
  146. $layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
  147. $content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
  148. return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
  149. }
  150. public function showObject(Request $request, $username, int $id)
  151. {
  152. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  153. if ($user->status != null) {
  154. return ProfileController::accountCheck($user);
  155. }
  156. $status = Status::whereProfileId($user->id)
  157. ->whereNotIn('visibility', ['draft', 'direct'])
  158. ->findOrFail($id);
  159. abort_if($status->uri, 404);
  160. if ($status->visibility == 'private' || $user->is_private) {
  161. if (! Auth::check()) {
  162. abort(403);
  163. }
  164. $pid = Auth::user()->profile;
  165. if ($user->followedBy($pid) == false && $user->id !== $pid->id) {
  166. abort(403);
  167. }
  168. }
  169. return $this->showActivityPub($request, $status);
  170. }
  171. public function compose()
  172. {
  173. $this->authCheck();
  174. return view('status.compose');
  175. }
  176. public function store(Request $request) {}
  177. public function delete(Request $request)
  178. {
  179. $this->authCheck();
  180. $this->validate($request, [
  181. 'item' => 'required|integer|min:1',
  182. ]);
  183. $status = Status::findOrFail($request->input('item'));
  184. $user = Auth::user();
  185. if ($status->profile_id != $user->profile->id &&
  186. $user->is_admin == true &&
  187. $status->uri == null
  188. ) {
  189. $media = $status->media;
  190. $ai = new AccountInterstitial;
  191. $ai->user_id = $status->profile->user_id;
  192. $ai->type = 'post.removed';
  193. $ai->view = 'account.moderation.post.removed';
  194. $ai->item_type = 'App\Status';
  195. $ai->item_id = $status->id;
  196. $ai->has_media = (bool) $media->count();
  197. $ai->blurhash = $media->count() ? $media->first()->blurhash : null;
  198. $ai->meta = json_encode([
  199. 'caption' => $status->caption,
  200. 'created_at' => $status->created_at,
  201. 'type' => $status->type,
  202. 'url' => $status->url(),
  203. 'is_nsfw' => $status->is_nsfw,
  204. 'scope' => $status->scope,
  205. 'reblog' => $status->reblog_of_id,
  206. 'likes_count' => $status->likes_count,
  207. 'reblogs_count' => $status->reblogs_count,
  208. ]);
  209. $ai->save();
  210. $u = $status->profile->user;
  211. $u->has_interstitial = true;
  212. $u->save();
  213. }
  214. if ($status->in_reply_to_id) {
  215. $parent = Status::find($status->in_reply_to_id);
  216. if ($parent && ($parent->profile_id == $user->profile_id) || ($status->profile_id == $user->profile_id) || $user->is_admin) {
  217. Cache::forget('_api:statuses:recent_9:'.$status->profile_id);
  218. Cache::forget('profile:status_count:'.$status->profile_id);
  219. Cache::forget('profile:embed:'.$status->profile_id);
  220. StatusService::del($status->id, true);
  221. Cache::forget('profile:status_count:'.$status->profile_id);
  222. $status->uri ? RemoteStatusDelete::dispatch($status) : StatusDelete::dispatch($status);
  223. }
  224. } elseif ($status->profile_id == $user->profile_id || $user->is_admin == true) {
  225. Cache::forget('_api:statuses:recent_9:'.$status->profile_id);
  226. Cache::forget('profile:status_count:'.$status->profile_id);
  227. Cache::forget('profile:embed:'.$status->profile_id);
  228. StatusService::del($status->id, true);
  229. Cache::forget('profile:status_count:'.$status->profile_id);
  230. $status->uri ? RemoteStatusDelete::dispatch($status) : StatusDelete::dispatch($status);
  231. }
  232. if ($request->wantsJson()) {
  233. return response()->json(['Status successfully deleted.']);
  234. } else {
  235. return redirect($user->url());
  236. }
  237. }
  238. public function storeShare(Request $request)
  239. {
  240. $this->authCheck();
  241. $this->validate($request, [
  242. 'item' => 'required|integer|min:1',
  243. ]);
  244. $user = Auth::user();
  245. $profile = $user->profile;
  246. $status = Status::whereScope('public')
  247. ->findOrFail($request->input('item'));
  248. $statusAccount = AccountService::get($status->profile_id);
  249. abort_if(! $statusAccount || isset($statusAccount['moved'], $statusAccount['moved']['id']), 422, 'Account moved');
  250. $count = $status->reblogs_count;
  251. $exists = Status::whereProfileId(Auth::user()->profile->id)
  252. ->whereReblogOfId($status->id)
  253. ->exists();
  254. if ($exists == true) {
  255. $shares = Status::whereProfileId(Auth::user()->profile->id)
  256. ->whereReblogOfId($status->id)
  257. ->get();
  258. foreach ($shares as $share) {
  259. UndoSharePipeline::dispatch($share);
  260. ReblogService::del($profile->id, $status->id);
  261. $count--;
  262. }
  263. } else {
  264. $share = new Status;
  265. $share->profile_id = $profile->id;
  266. $share->reblog_of_id = $status->id;
  267. $share->in_reply_to_profile_id = $status->profile_id;
  268. $share->type = 'share';
  269. $share->save();
  270. $count++;
  271. SharePipeline::dispatch($share);
  272. ReblogService::add($profile->id, $status->id);
  273. }
  274. Cache::forget('status:'.$status->id.':sharedby:userid:'.$user->id);
  275. StatusService::del($status->id);
  276. if ($request->ajax()) {
  277. $response = ['code' => 200, 'msg' => 'Share saved', 'count' => $count];
  278. } else {
  279. $response = redirect($status->url());
  280. }
  281. return $response;
  282. }
  283. public function showActivityPub(Request $request, $status)
  284. {
  285. $key = 'pf:status:ap:v1:sid:'.$status['id'];
  286. return Cache::remember($key, 3600, function () use ($status) {
  287. $status = Status::findOrFail($status['id']);
  288. $object = $status->type == 'poll' ? new Question : new Note;
  289. $fractal = new Fractal\Manager;
  290. $resource = new Fractal\Resource\Item($status, $object);
  291. $res = $fractal->createData($resource)->toArray();
  292. return response()->json($res['data'], 200, ['Content-Type' => 'application/activity+json'], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
  293. });
  294. }
  295. public function edit(Request $request, $username, $id)
  296. {
  297. $this->authCheck();
  298. $user = Auth::user()->profile;
  299. $status = Status::whereProfileId($user->id)
  300. ->with(['media'])
  301. ->findOrFail($id);
  302. $licenses = License::get();
  303. return view('status.edit', compact('user', 'status', 'licenses'));
  304. }
  305. public function editStore(Request $request, $username, $id)
  306. {
  307. $this->authCheck();
  308. $user = Auth::user()->profile;
  309. $status = Status::whereProfileId($user->id)
  310. ->with(['media'])
  311. ->findOrFail($id);
  312. $this->validate($request, [
  313. 'license' => 'nullable|integer|min:1|max:16',
  314. ]);
  315. $licenseId = $request->input('license');
  316. $status->media->each(function ($media) use ($licenseId) {
  317. $media->license = $licenseId;
  318. $media->save();
  319. Cache::forget('status:transformer:media:attachments:'.$media->status_id);
  320. });
  321. return redirect($status->url());
  322. }
  323. protected function authCheck()
  324. {
  325. if (Auth::check() == false) {
  326. abort(403);
  327. }
  328. }
  329. protected function validateVisibility($visibility)
  330. {
  331. $allowed = ['public', 'unlisted', 'private'];
  332. return in_array($visibility, $allowed) ? $visibility : 'public';
  333. }
  334. public static function mimeTypeCheck($mimes)
  335. {
  336. $allowed = explode(',', config_cache('pixelfed.media_types'));
  337. $count = count($mimes);
  338. $photos = 0;
  339. $videos = 0;
  340. foreach ($mimes as $mime) {
  341. if (in_array($mime, $allowed) == false && $mime !== 'video/mp4') {
  342. continue;
  343. }
  344. if (str_contains($mime, 'image/')) {
  345. $photos++;
  346. }
  347. if (str_contains($mime, 'video/')) {
  348. $videos++;
  349. }
  350. }
  351. if ($photos == 1 && $videos == 0) {
  352. return 'photo';
  353. }
  354. if ($videos == 1 && $photos == 0) {
  355. return 'video';
  356. }
  357. if ($photos > 1 && $videos == 0) {
  358. return 'photo:album';
  359. }
  360. if ($videos > 1 && $photos == 0) {
  361. return 'video:album';
  362. }
  363. if ($photos >= 1 && $videos >= 1) {
  364. return 'photo:video:album';
  365. }
  366. return 'text';
  367. }
  368. public function toggleVisibility(Request $request)
  369. {
  370. $this->authCheck();
  371. $this->validate($request, [
  372. 'item' => 'required|string|min:1|max:20',
  373. 'disableComments' => 'required|boolean',
  374. ]);
  375. $user = Auth::user();
  376. $id = $request->input('item');
  377. $state = $request->input('disableComments');
  378. $status = Status::findOrFail($id);
  379. if ($status->profile_id != $user->profile->id && $user->is_admin == false) {
  380. abort(403);
  381. }
  382. $status->comments_disabled = $status->comments_disabled == true ? false : true;
  383. $status->save();
  384. return response()->json([200]);
  385. }
  386. public function storeView(Request $request)
  387. {
  388. abort_if(! $request->user(), 403);
  389. $views = $request->input('_v');
  390. $uid = $request->user()->profile_id;
  391. if (empty($views) || ! is_array($views)) {
  392. return response()->json(0);
  393. }
  394. Cache::forget('profile:home-timeline-cursor:'.$request->user()->id);
  395. foreach ($views as $view) {
  396. if (! isset($view['sid']) || ! isset($view['pid'])) {
  397. continue;
  398. }
  399. DB::transaction(function () use ($view, $uid) {
  400. StatusView::firstOrCreate([
  401. 'status_id' => $view['sid'],
  402. 'status_profile_id' => $view['pid'],
  403. 'profile_id' => $uid,
  404. ]);
  405. });
  406. }
  407. return response()->json(1);
  408. }
  409. }