StatusController.php 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Jobs\ImageOptimizePipeline\ImageOptimize;
  4. use App\Jobs\StatusPipeline\NewStatusPipeline;
  5. use App\Jobs\StatusPipeline\StatusDelete;
  6. use App\Jobs\SharePipeline\SharePipeline;
  7. use App\AccountInterstitial;
  8. use App\Media;
  9. use App\Profile;
  10. use App\Status;
  11. use App\StatusView;
  12. use App\Transformer\ActivityPub\StatusTransformer;
  13. use App\Transformer\ActivityPub\Verb\Note;
  14. use App\User;
  15. use Auth, DB, Cache;
  16. use Illuminate\Http\Request;
  17. use League\Fractal;
  18. use App\Util\Media\Filter;
  19. use Illuminate\Support\Str;
  20. use App\Services\HashidService;
  21. use App\Services\StatusService;
  22. use App\Util\Media\License;
  23. class StatusController extends Controller
  24. {
  25. public function show(Request $request, $username, int $id)
  26. {
  27. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  28. if($user->status != null) {
  29. return ProfileController::accountCheck($user);
  30. }
  31. $status = Status::whereProfileId($user->id)
  32. ->whereNull('reblog_of_id')
  33. ->whereIn('scope', ['public','unlisted', 'private'])
  34. ->findOrFail($id);
  35. if($status->uri || $status->url) {
  36. $url = $status->uri ?? $status->url;
  37. if(ends_with($url, '/activity')) {
  38. $url = str_replace('/activity', '', $url);
  39. }
  40. return redirect($url);
  41. }
  42. if($status->visibility == 'private' || $user->is_private) {
  43. if(!Auth::check()) {
  44. abort(404);
  45. }
  46. $pid = Auth::user()->profile;
  47. if($user->followedBy($pid) == false && $user->id !== $pid->id && Auth::user()->is_admin == false) {
  48. abort(404);
  49. }
  50. }
  51. if($status->type == 'archived') {
  52. if(Auth::user()->profile_id !== $status->profile_id) {
  53. abort(404);
  54. }
  55. }
  56. if($request->user() && $request->user()->profile_id != $status->profile_id) {
  57. StatusView::firstOrCreate([
  58. 'status_id' => $status->id,
  59. 'status_profile_id' => $status->profile_id,
  60. 'profile_id' => $request->user()->profile_id
  61. ]);
  62. }
  63. if ($request->wantsJson() && config_cache('federation.activitypub.enabled')) {
  64. return $this->showActivityPub($request, $status);
  65. }
  66. $template = $status->in_reply_to_id ? 'status.reply' : 'status.show';
  67. return view($template, compact('user', 'status'));
  68. }
  69. public function shortcodeRedirect(Request $request, $id)
  70. {
  71. abort_if(strlen($id) < 5, 404);
  72. if(!Auth::check()) {
  73. return redirect('/login?next='.urlencode('/' . $request->path()));
  74. }
  75. $id = HashidService::decode($id);
  76. $status = Status::find($id);
  77. if(!$status) {
  78. return redirect('/404');
  79. }
  80. return redirect($status->url());
  81. }
  82. public function showId(int $id)
  83. {
  84. abort(404);
  85. $status = Status::whereNull('reblog_of_id')
  86. ->whereIn('scope', ['public', 'unlisted'])
  87. ->findOrFail($id);
  88. return redirect($status->url());
  89. }
  90. public function showEmbed(Request $request, $username, int $id)
  91. {
  92. $profile = Profile::whereNull(['domain','status'])
  93. ->whereIsPrivate(false)
  94. ->whereUsername($username)
  95. ->first();
  96. if(!$profile) {
  97. $content = view('status.embed-removed');
  98. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  99. }
  100. $status = Status::whereProfileId($profile->id)
  101. ->whereNull('uri')
  102. ->whereScope('public')
  103. ->whereIsNsfw(false)
  104. ->whereIn('type', ['photo', 'video','photo:album'])
  105. ->find($id);
  106. if(!$status) {
  107. $content = view('status.embed-removed');
  108. return response($content)->header('X-Frame-Options', 'ALLOWALL');
  109. }
  110. $showLikes = $request->filled('likes') && $request->likes == true;
  111. $showCaption = $request->filled('caption') && $request->caption !== false;
  112. $layout = $request->filled('layout') && $request->layout == 'compact' ? 'compact' : 'full';
  113. $content = view('status.embed', compact('status', 'showLikes', 'showCaption', 'layout'));
  114. return response($content)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
  115. }
  116. public function showObject(Request $request, $username, int $id)
  117. {
  118. $user = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
  119. if($user->status != null) {
  120. return ProfileController::accountCheck($user);
  121. }
  122. $status = Status::whereProfileId($user->id)
  123. ->whereNotIn('visibility',['draft','direct'])
  124. ->findOrFail($id);
  125. abort_if($status->uri, 404);
  126. if($status->visibility == 'private' || $user->is_private) {
  127. if(!Auth::check()) {
  128. abort(403);
  129. }
  130. $pid = Auth::user()->profile;
  131. if($user->followedBy($pid) == false && $user->id !== $pid->id) {
  132. abort(403);
  133. }
  134. }
  135. return $this->showActivityPub($request, $status);
  136. }
  137. public function compose()
  138. {
  139. $this->authCheck();
  140. return view('status.compose');
  141. }
  142. public function store(Request $request)
  143. {
  144. return;
  145. }
  146. public function delete(Request $request)
  147. {
  148. $this->authCheck();
  149. $this->validate($request, [
  150. 'item' => 'required|integer|min:1',
  151. ]);
  152. $status = Status::findOrFail($request->input('item'));
  153. $user = Auth::user();
  154. if($status->profile_id != $user->profile->id &&
  155. $user->is_admin == true &&
  156. $status->uri == null
  157. ) {
  158. $media = $status->media;
  159. $ai = new AccountInterstitial;
  160. $ai->user_id = $status->profile->user_id;
  161. $ai->type = 'post.removed';
  162. $ai->view = 'account.moderation.post.removed';
  163. $ai->item_type = 'App\Status';
  164. $ai->item_id = $status->id;
  165. $ai->has_media = (bool) $media->count();
  166. $ai->blurhash = $media->count() ? $media->first()->blurhash : null;
  167. $ai->meta = json_encode([
  168. 'caption' => $status->caption,
  169. 'created_at' => $status->created_at,
  170. 'type' => $status->type,
  171. 'url' => $status->url(),
  172. 'is_nsfw' => $status->is_nsfw,
  173. 'scope' => $status->scope,
  174. 'reblog' => $status->reblog_of_id,
  175. 'likes_count' => $status->likes_count,
  176. 'reblogs_count' => $status->reblogs_count,
  177. ]);
  178. $ai->save();
  179. $u = $status->profile->user;
  180. $u->has_interstitial = true;
  181. $u->save();
  182. }
  183. Cache::forget('_api:statuses:recent_9:' . $status->profile_id);
  184. Cache::forget('profile:status_count:' . $status->profile_id);
  185. Cache::forget('profile:embed:' . $status->profile_id);
  186. StatusService::del($status->id);
  187. if ($status->profile_id == $user->profile->id || $user->is_admin == true) {
  188. Cache::forget('profile:status_count:'.$status->profile_id);
  189. StatusDelete::dispatch($status);
  190. }
  191. if($request->wantsJson()) {
  192. return response()->json(['Status successfully deleted.']);
  193. } else {
  194. return redirect($user->url());
  195. }
  196. }
  197. public function storeShare(Request $request)
  198. {
  199. $this->authCheck();
  200. $this->validate($request, [
  201. 'item' => 'required|integer|min:1',
  202. ]);
  203. $user = Auth::user();
  204. $profile = $user->profile;
  205. $status = Status::withCount('shares')
  206. ->whereIn('scope', ['public', 'unlisted'])
  207. ->findOrFail($request->input('item'));
  208. $count = $status->shares()->count();
  209. $exists = Status::whereProfileId(Auth::user()->profile->id)
  210. ->whereReblogOfId($status->id)
  211. ->count();
  212. if ($exists !== 0) {
  213. $shares = Status::whereProfileId(Auth::user()->profile->id)
  214. ->whereReblogOfId($status->id)
  215. ->get();
  216. foreach ($shares as $share) {
  217. $share->delete();
  218. $count--;
  219. }
  220. } else {
  221. $share = new Status();
  222. $share->profile_id = $profile->id;
  223. $share->reblog_of_id = $status->id;
  224. $share->in_reply_to_profile_id = $status->profile_id;
  225. $share->save();
  226. $count++;
  227. SharePipeline::dispatch($share);
  228. }
  229. if($count >= 0) {
  230. $status->reblogs_count = $count;
  231. $status->save();
  232. }
  233. Cache::forget('status:'.$status->id.':sharedby:userid:'.$user->id);
  234. StatusService::del($status->id);
  235. if ($request->ajax()) {
  236. $response = ['code' => 200, 'msg' => 'Share saved', 'count' => $count];
  237. } else {
  238. $response = redirect($status->url());
  239. }
  240. return $response;
  241. }
  242. public function showActivityPub(Request $request, $status)
  243. {
  244. $fractal = new Fractal\Manager();
  245. $resource = new Fractal\Resource\Item($status, new Note());
  246. $res = $fractal->createData($resource)->toArray();
  247. return response()->json($res['data'], 200, ['Content-Type' => 'application/activity+json'], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES);
  248. }
  249. public function edit(Request $request, $username, $id)
  250. {
  251. $this->authCheck();
  252. $user = Auth::user()->profile;
  253. $status = Status::whereProfileId($user->id)
  254. ->with(['media'])
  255. ->findOrFail($id);
  256. $licenses = License::get();
  257. return view('status.edit', compact('user', 'status', 'licenses'));
  258. }
  259. public function editStore(Request $request, $username, $id)
  260. {
  261. $this->authCheck();
  262. $user = Auth::user()->profile;
  263. $status = Status::whereProfileId($user->id)
  264. ->with(['media'])
  265. ->findOrFail($id);
  266. $this->validate($request, [
  267. 'license' => 'nullable|integer|min:1|max:16',
  268. ]);
  269. $licenseId = $request->input('license');
  270. $status->media->each(function($media) use($licenseId) {
  271. $media->license = $licenseId;
  272. $media->save();
  273. Cache::forget('status:transformer:media:attachments:'.$media->status_id);
  274. });
  275. return redirect($status->url());
  276. }
  277. protected function authCheck()
  278. {
  279. if (Auth::check() == false) {
  280. abort(403);
  281. }
  282. }
  283. protected function validateVisibility($visibility)
  284. {
  285. $allowed = ['public', 'unlisted', 'private'];
  286. return in_array($visibility, $allowed) ? $visibility : 'public';
  287. }
  288. public static function mimeTypeCheck($mimes)
  289. {
  290. $allowed = explode(',', config_cache('pixelfed.media_types'));
  291. $count = count($mimes);
  292. $photos = 0;
  293. $videos = 0;
  294. foreach($mimes as $mime) {
  295. if(in_array($mime, $allowed) == false && $mime !== 'video/mp4') {
  296. continue;
  297. }
  298. if(str_contains($mime, 'image/')) {
  299. $photos++;
  300. }
  301. if(str_contains($mime, 'video/')) {
  302. $videos++;
  303. }
  304. }
  305. if($photos == 1 && $videos == 0) {
  306. return 'photo';
  307. }
  308. if($videos == 1 && $photos == 0) {
  309. return 'video';
  310. }
  311. if($photos > 1 && $videos == 0) {
  312. return 'photo:album';
  313. }
  314. if($videos > 1 && $photos == 0) {
  315. return 'video:album';
  316. }
  317. if($photos >= 1 && $videos >= 1) {
  318. return 'photo:video:album';
  319. }
  320. }
  321. public function toggleVisibility(Request $request) {
  322. $this->authCheck();
  323. $this->validate($request, [
  324. 'item' => 'required|string|min:1|max:20',
  325. 'disableComments' => 'required|boolean'
  326. ]);
  327. $user = Auth::user();
  328. $id = $request->input('item');
  329. $state = $request->input('disableComments');
  330. $status = Status::findOrFail($id);
  331. if($status->profile_id != $user->profile->id && $user->is_admin == false) {
  332. abort(403);
  333. }
  334. $status->comments_disabled = $status->comments_disabled == true ? false : true;
  335. $status->save();
  336. return response()->json([200]);
  337. }
  338. public function storeView(Request $request)
  339. {
  340. abort_if(!$request->user(), 403);
  341. $views = $request->input('_v');
  342. $uid = $request->user()->profile_id;
  343. if(empty($views) || !is_array($views)) {
  344. return response()->json(0);
  345. }
  346. foreach($views as $view) {
  347. if(!isset($view['sid']) || !isset($view['pid'])) {
  348. continue;
  349. }
  350. DB::transaction(function () use($view, $uid) {
  351. StatusView::firstOrCreate([
  352. 'status_id' => $view['sid'],
  353. 'status_profile_id' => $view['pid'],
  354. 'profile_id' => $uid
  355. ]);
  356. });
  357. }
  358. return response()->json(1);
  359. }
  360. }