ApiV1Dot1Controller.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776
  1. <?php
  2. namespace App\Http\Controllers\Api;
  3. use Cache;
  4. use DB;
  5. use App\Http\Controllers\Controller;
  6. use Illuminate\Http\Request;
  7. use League\Fractal;
  8. use League\Fractal\Serializer\ArraySerializer;
  9. use League\Fractal\Pagination\IlluminatePaginatorAdapter;
  10. use App\AccountLog;
  11. use App\EmailVerification;
  12. use App\Place;
  13. use App\Status;
  14. use App\Report;
  15. use App\Profile;
  16. use App\StatusArchived;
  17. use App\User;
  18. use App\Services\AccountService;
  19. use App\Services\StatusService;
  20. use App\Services\ProfileStatusService;
  21. use App\Services\PublicTimelineService;
  22. use App\Services\NetworkTimelineService;
  23. use App\Util\Lexer\RestrictedNames;
  24. use App\Services\EmailService;
  25. use Illuminate\Support\Str;
  26. use Illuminate\Support\Facades\Hash;
  27. use Jenssegers\Agent\Agent;
  28. use Mail;
  29. use App\Mail\PasswordChange;
  30. use App\Mail\ConfirmAppEmail;
  31. use App\Http\Resources\StatusStateless;
  32. use App\Jobs\StatusPipeline\StatusDelete;
  33. use App\Jobs\ReportPipeline\ReportNotifyAdminViaEmail;
  34. class ApiV1Dot1Controller extends Controller
  35. {
  36. protected $fractal;
  37. public function __construct()
  38. {
  39. $this->fractal = new Fractal\Manager();
  40. $this->fractal->setSerializer(new ArraySerializer());
  41. }
  42. public function json($res, $code = 200, $headers = [])
  43. {
  44. return response()->json($res, $code, $headers, JSON_UNESCAPED_SLASHES);
  45. }
  46. public function error($msg, $code = 400, $extra = [], $headers = [])
  47. {
  48. $res = [
  49. "msg" => $msg,
  50. "code" => $code
  51. ];
  52. return response()->json(array_merge($res, $extra), $code, $headers, JSON_UNESCAPED_SLASHES);
  53. }
  54. public function report(Request $request)
  55. {
  56. $user = $request->user();
  57. abort_if(!$user, 403);
  58. abort_if($user->status != null, 403);
  59. $report_type = $request->input('report_type');
  60. $object_id = $request->input('object_id');
  61. $object_type = $request->input('object_type');
  62. $types = [
  63. 'spam',
  64. 'sensitive',
  65. 'abusive',
  66. 'underage',
  67. 'violence',
  68. 'copyright',
  69. 'impersonation',
  70. 'scam',
  71. 'terrorism'
  72. ];
  73. if (!$report_type || !$object_id || !$object_type) {
  74. return $this->error("Invalid or missing parameters", 400, ["error_code" => "ERROR_INVALID_PARAMS"]);
  75. }
  76. if (!in_array($report_type, $types)) {
  77. return $this->error("Invalid report type", 400, ["error_code" => "ERROR_TYPE_INVALID"]);
  78. }
  79. if ($object_type === "user" && $object_id == $user->profile_id) {
  80. return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
  81. }
  82. $rpid = null;
  83. switch ($object_type) {
  84. case 'post':
  85. $object = Status::find($object_id);
  86. if (!$object) {
  87. return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
  88. }
  89. $object_type = 'App\Status';
  90. $exists = Report::whereUserId($user->id)
  91. ->whereObjectId($object->id)
  92. ->whereObjectType('App\Status')
  93. ->count();
  94. $rpid = $object->profile_id;
  95. break;
  96. case 'user':
  97. $object = Profile::find($object_id);
  98. if (!$object) {
  99. return $this->error("Invalid object id", 400, ["error_code" => "ERROR_INVALID_OBJECT_ID"]);
  100. }
  101. $object_type = 'App\Profile';
  102. $exists = Report::whereUserId($user->id)
  103. ->whereObjectId($object->id)
  104. ->whereObjectType('App\Profile')
  105. ->count();
  106. $rpid = $object->id;
  107. break;
  108. default:
  109. return $this->error("Invalid report type", 400, ["error_code" => "ERROR_REPORT_OBJECT_TYPE_INVALID"]);
  110. break;
  111. }
  112. if ($exists !== 0) {
  113. return $this->error("Duplicate report", 400, ["error_code" => "ERROR_REPORT_DUPLICATE"]);
  114. }
  115. if ($object->profile_id == $user->profile_id) {
  116. return $this->error("Cannot self report", 400, ["error_code" => "ERROR_NO_SELF_REPORTS"]);
  117. }
  118. $report = new Report;
  119. $report->profile_id = $user->profile_id;
  120. $report->user_id = $user->id;
  121. $report->object_id = $object->id;
  122. $report->object_type = $object_type;
  123. $report->reported_profile_id = $rpid;
  124. $report->type = $report_type;
  125. $report->save();
  126. if(config('instance.reports.email.enabled')) {
  127. ReportNotifyAdminViaEmail::dispatch($report)->onQueue('default');
  128. }
  129. $res = [
  130. "msg" => "Successfully sent report",
  131. "code" => 200
  132. ];
  133. return $this->json($res);
  134. }
  135. /**
  136. * DELETE /api/v1.1/accounts/avatar
  137. *
  138. * @return \App\Transformer\Api\AccountTransformer
  139. */
  140. public function deleteAvatar(Request $request)
  141. {
  142. $user = $request->user();
  143. abort_if(!$user, 403);
  144. abort_if($user->status != null, 403);
  145. $avatar = $user->profile->avatar;
  146. if( $avatar->media_path == 'public/avatars/default.png' ||
  147. $avatar->media_path == 'public/avatars/default.jpg'
  148. ) {
  149. return AccountService::get($user->profile_id);
  150. }
  151. if(is_file(storage_path('app/' . $avatar->media_path))) {
  152. @unlink(storage_path('app/' . $avatar->media_path));
  153. }
  154. $avatar->media_path = 'public/avatars/default.jpg';
  155. $avatar->change_count = $avatar->change_count + 1;
  156. $avatar->save();
  157. Cache::forget('avatar:' . $user->profile_id);
  158. Cache::forget("avatar:{$user->profile_id}");
  159. Cache::forget('user:account:id:'.$user->id);
  160. AccountService::del($user->profile_id);
  161. return AccountService::get($user->profile_id);
  162. }
  163. /**
  164. * GET /api/v1.1/accounts/{id}/posts
  165. *
  166. * @return \App\Transformer\Api\StatusTransformer
  167. */
  168. public function accountPosts(Request $request, $id)
  169. {
  170. $user = $request->user();
  171. abort_if(!$user, 403);
  172. abort_if($user->status != null, 403);
  173. $account = AccountService::get($id);
  174. if(!$account || $account['username'] !== $request->input('username')) {
  175. return $this->json([]);
  176. }
  177. $posts = ProfileStatusService::get($id);
  178. if(!$posts) {
  179. return $this->json([]);
  180. }
  181. $res = collect($posts)
  182. ->map(function($id) {
  183. return StatusService::get($id);
  184. })
  185. ->filter(function($post) {
  186. return $post && isset($post['account']);
  187. })
  188. ->toArray();
  189. return $this->json($res);
  190. }
  191. /**
  192. * POST /api/v1.1/accounts/change-password
  193. *
  194. * @return \App\Transformer\Api\AccountTransformer
  195. */
  196. public function accountChangePassword(Request $request)
  197. {
  198. $user = $request->user();
  199. abort_if(!$user, 403);
  200. abort_if($user->status != null, 403);
  201. $this->validate($request, [
  202. 'current_password' => 'bail|required|current_password',
  203. 'new_password' => 'required|min:' . config('pixelfed.min_password_length', 8),
  204. 'confirm_password' => 'required|same:new_password'
  205. ],[
  206. 'current_password' => 'The password you entered is incorrect'
  207. ]);
  208. $user->password = bcrypt($request->input('new_password'));
  209. $user->save();
  210. $log = new AccountLog;
  211. $log->user_id = $user->id;
  212. $log->item_id = $user->id;
  213. $log->item_type = 'App\User';
  214. $log->action = 'account.edit.password';
  215. $log->message = 'Password changed';
  216. $log->link = null;
  217. $log->ip_address = $request->ip();
  218. $log->user_agent = $request->userAgent();
  219. $log->save();
  220. Mail::to($request->user())->send(new PasswordChange($user));
  221. return $this->json(AccountService::get($user->profile_id));
  222. }
  223. /**
  224. * GET /api/v1.1/accounts/login-activity
  225. *
  226. * @return array
  227. */
  228. public function accountLoginActivity(Request $request)
  229. {
  230. $user = $request->user();
  231. abort_if(!$user, 403);
  232. abort_if($user->status != null, 403);
  233. $agent = new Agent();
  234. $currentIp = $request->ip();
  235. $activity = AccountLog::whereUserId($user->id)
  236. ->whereAction('auth.login')
  237. ->orderBy('created_at', 'desc')
  238. ->groupBy('ip_address')
  239. ->limit(10)
  240. ->get()
  241. ->map(function($item) use($agent, $currentIp) {
  242. $agent->setUserAgent($item->user_agent);
  243. return [
  244. 'id' => $item->id,
  245. 'action' => $item->action,
  246. 'ip' => $item->ip_address,
  247. 'ip_current' => $item->ip_address === $currentIp,
  248. 'is_mobile' => $agent->isMobile(),
  249. 'device' => $agent->device(),
  250. 'browser' => $agent->browser(),
  251. 'platform' => $agent->platform(),
  252. 'created_at' => $item->created_at->format('c')
  253. ];
  254. });
  255. return $this->json($activity);
  256. }
  257. /**
  258. * GET /api/v1.1/accounts/two-factor
  259. *
  260. * @return array
  261. */
  262. public function accountTwoFactor(Request $request)
  263. {
  264. $user = $request->user();
  265. abort_if(!$user, 403);
  266. abort_if($user->status != null, 403);
  267. $res = [
  268. 'active' => (bool) $user->{'2fa_enabled'},
  269. 'setup_at' => $user->{'2fa_setup_at'}
  270. ];
  271. return $this->json($res);
  272. }
  273. /**
  274. * GET /api/v1.1/accounts/emails-from-pixelfed
  275. *
  276. * @return array
  277. */
  278. public function accountEmailsFromPixelfed(Request $request)
  279. {
  280. $user = $request->user();
  281. abort_if(!$user, 403);
  282. abort_if($user->status != null, 403);
  283. $from = config('mail.from.address');
  284. $emailVerifications = EmailVerification::whereUserId($user->id)
  285. ->orderByDesc('id')
  286. ->where('created_at', '>', now()->subDays(14))
  287. ->limit(10)
  288. ->get()
  289. ->map(function($mail) use($user, $from) {
  290. return [
  291. 'type' => 'Email Verification',
  292. 'subject' => 'Confirm Email',
  293. 'to_address' => $user->email,
  294. 'from_address' => $from,
  295. 'created_at' => str_replace('@', 'at', $mail->created_at->format('M j, Y @ g:i:s A'))
  296. ];
  297. })
  298. ->toArray();
  299. $passwordResets = DB::table('password_resets')
  300. ->whereEmail($user->email)
  301. ->where('created_at', '>', now()->subDays(14))
  302. ->orderByDesc('created_at')
  303. ->limit(10)
  304. ->get()
  305. ->map(function($mail) use($user, $from) {
  306. return [
  307. 'type' => 'Password Reset',
  308. 'subject' => 'Reset Password Notification',
  309. 'to_address' => $user->email,
  310. 'from_address' => $from,
  311. 'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
  312. ];
  313. })
  314. ->toArray();
  315. $passwordChanges = AccountLog::whereUserId($user->id)
  316. ->whereAction('account.edit.password')
  317. ->where('created_at', '>', now()->subDays(14))
  318. ->orderByDesc('created_at')
  319. ->limit(10)
  320. ->get()
  321. ->map(function($mail) use($user, $from) {
  322. return [
  323. 'type' => 'Password Change',
  324. 'subject' => 'Password Change',
  325. 'to_address' => $user->email,
  326. 'from_address' => $from,
  327. 'created_at' => str_replace('@', 'at', now()->parse($mail->created_at)->format('M j, Y @ g:i:s A'))
  328. ];
  329. })
  330. ->toArray();
  331. $res = collect([])
  332. ->merge($emailVerifications)
  333. ->merge($passwordResets)
  334. ->merge($passwordChanges)
  335. ->sortByDesc('created_at')
  336. ->values();
  337. return $this->json($res);
  338. }
  339. /**
  340. * GET /api/v1.1/accounts/apps-and-applications
  341. *
  342. * @return array
  343. */
  344. public function accountApps(Request $request)
  345. {
  346. $user = $request->user();
  347. abort_if(!$user, 403);
  348. abort_if($user->status != null, 403);
  349. $res = $user->tokens->sortByDesc('created_at')->take(10)->map(function($token, $key) use($request) {
  350. return [
  351. 'id' => $token->id,
  352. 'current_session' => $request->user()->token()->id == $token->id,
  353. 'name' => $token->client->name,
  354. 'scopes' => $token->scopes,
  355. 'revoked' => $token->revoked,
  356. 'created_at' => str_replace('@', 'at', now()->parse($token->created_at)->format('M j, Y @ g:i:s A')),
  357. 'expires_at' => str_replace('@', 'at', now()->parse($token->expires_at)->format('M j, Y @ g:i:s A'))
  358. ];
  359. });
  360. return $this->json($res);
  361. }
  362. public function inAppRegistrationPreFlightCheck(Request $request)
  363. {
  364. return [
  365. 'open' => config('pixelfed.open_registration'),
  366. 'iara' => config('pixelfed.allow_app_registration')
  367. ];
  368. }
  369. public function inAppRegistration(Request $request)
  370. {
  371. abort_if($request->user(), 404);
  372. abort_unless(config('pixelfed.open_registration'), 404);
  373. abort_unless(config('pixelfed.allow_app_registration'), 404);
  374. abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
  375. $this->validate($request, [
  376. 'email' => [
  377. 'required',
  378. 'string',
  379. 'email',
  380. 'max:255',
  381. 'unique:users',
  382. function ($attribute, $value, $fail) {
  383. $banned = EmailService::isBanned($value);
  384. if($banned) {
  385. return $fail('Email is invalid.');
  386. }
  387. },
  388. ],
  389. 'username' => [
  390. 'required',
  391. 'min:2',
  392. 'max:15',
  393. 'unique:users',
  394. function ($attribute, $value, $fail) {
  395. $dash = substr_count($value, '-');
  396. $underscore = substr_count($value, '_');
  397. $period = substr_count($value, '.');
  398. if(ends_with($value, ['.php', '.js', '.css'])) {
  399. return $fail('Username is invalid.');
  400. }
  401. if(($dash + $underscore + $period) > 1) {
  402. return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
  403. }
  404. if (!ctype_alnum($value[0])) {
  405. return $fail('Username is invalid. Must start with a letter or number.');
  406. }
  407. if (!ctype_alnum($value[strlen($value) - 1])) {
  408. return $fail('Username is invalid. Must end with a letter or number.');
  409. }
  410. $val = str_replace(['_', '.', '-'], '', $value);
  411. if(!ctype_alnum($val)) {
  412. return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
  413. }
  414. $restricted = RestrictedNames::get();
  415. if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
  416. return $fail('Username cannot be used.');
  417. }
  418. },
  419. ],
  420. 'password' => 'required|string|min:8',
  421. ]);
  422. $email = $request->input('email');
  423. $username = $request->input('username');
  424. $password = $request->input('password');
  425. if(config('database.default') == 'pgsql') {
  426. $username = strtolower($username);
  427. $email = strtolower($email);
  428. }
  429. $user = new User;
  430. $user->name = $username;
  431. $user->username = $username;
  432. $user->email = $email;
  433. $user->password = Hash::make($password);
  434. $user->register_source = 'app';
  435. $user->app_register_ip = $request->ip();
  436. $user->app_register_token = Str::random(32);
  437. $user->save();
  438. $rtoken = Str::random(mt_rand(64, 70));
  439. $verify = new EmailVerification();
  440. $verify->user_id = $user->id;
  441. $verify->email = $user->email;
  442. $verify->user_token = $user->app_register_token;
  443. $verify->random_token = $rtoken;
  444. $verify->save();
  445. $appUrl = url('/api/v1.1/auth/iarer?ut=' . $user->app_register_token . '&rt=' . $rtoken);
  446. Mail::to($user->email)->send(new ConfirmAppEmail($verify, $appUrl));
  447. return response()->json([
  448. 'success' => true,
  449. ]);
  450. }
  451. public function inAppRegistrationEmailRedirect(Request $request)
  452. {
  453. $this->validate($request, [
  454. 'ut' => 'required',
  455. 'rt' => 'required'
  456. ]);
  457. $ut = $request->input('ut');
  458. $rt = $request->input('rt');
  459. $url = 'pixelfed://confirm-account/'. $ut . '?rt=' . $rt;
  460. return redirect()->away($url);
  461. }
  462. public function inAppRegistrationConfirm(Request $request)
  463. {
  464. abort_if($request->user(), 404);
  465. abort_unless(config('pixelfed.open_registration'), 404);
  466. abort_unless(config('pixelfed.allow_app_registration'), 404);
  467. abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
  468. $this->validate($request, [
  469. 'user_token' => 'required',
  470. 'random_token' => 'required',
  471. 'email' => 'required'
  472. ]);
  473. $verify = EmailVerification::whereEmail($request->input('email'))
  474. ->whereUserToken($request->input('user_token'))
  475. ->whereRandomToken($request->input('random_token'))
  476. ->first();
  477. if(!$verify) {
  478. return response()->json(['error' => 'Invalid tokens'], 403);
  479. }
  480. if($verify->created_at->lt(now()->subHours(24))) {
  481. $verify->delete();
  482. return response()->json(['error' => 'Invalid tokens'], 403);
  483. }
  484. $user = User::findOrFail($verify->user_id);
  485. $user->email_verified_at = now();
  486. $user->last_active_at = now();
  487. $user->save();
  488. $token = $user->createToken('Pixelfed');
  489. return response()->json([
  490. 'access_token' => $token->accessToken
  491. ]);
  492. }
  493. public function archive(Request $request, $id)
  494. {
  495. abort_if(!$request->user(), 403);
  496. $status = Status::whereNull('in_reply_to_id')
  497. ->whereNull('reblog_of_id')
  498. ->whereProfileId($request->user()->profile_id)
  499. ->findOrFail($id);
  500. if($status->scope === 'archived') {
  501. return [200];
  502. }
  503. $archive = new StatusArchived;
  504. $archive->status_id = $status->id;
  505. $archive->profile_id = $status->profile_id;
  506. $archive->original_scope = $status->scope;
  507. $archive->save();
  508. $status->scope = 'archived';
  509. $status->visibility = 'draft';
  510. $status->save();
  511. StatusService::del($status->id, true);
  512. AccountService::syncPostCount($status->profile_id);
  513. return [200];
  514. }
  515. public function unarchive(Request $request, $id)
  516. {
  517. abort_if(!$request->user(), 403);
  518. $status = Status::whereNull('in_reply_to_id')
  519. ->whereNull('reblog_of_id')
  520. ->whereProfileId($request->user()->profile_id)
  521. ->findOrFail($id);
  522. if($status->scope !== 'archived') {
  523. return [200];
  524. }
  525. $archive = StatusArchived::whereStatusId($status->id)
  526. ->whereProfileId($status->profile_id)
  527. ->firstOrFail();
  528. $status->scope = $archive->original_scope;
  529. $status->visibility = $archive->original_scope;
  530. $status->save();
  531. $archive->delete();
  532. StatusService::del($status->id, true);
  533. AccountService::syncPostCount($status->profile_id);
  534. return [200];
  535. }
  536. public function archivedPosts(Request $request)
  537. {
  538. abort_if(!$request->user(), 403);
  539. $statuses = Status::whereProfileId($request->user()->profile_id)
  540. ->whereScope('archived')
  541. ->orderByDesc('id')
  542. ->cursorPaginate(10);
  543. return StatusStateless::collection($statuses);
  544. }
  545. public function placesById(Request $request, $id, $slug)
  546. {
  547. abort_if(!$request->user(), 403);
  548. $place = Place::whereSlug($slug)->findOrFail($id);
  549. $posts = Cache::remember('pf-api:v1.1:places-by-id:' . $place->id, 3600, function() use($place) {
  550. return Status::wherePlaceId($place->id)
  551. ->whereNull('uri')
  552. ->whereScope('public')
  553. ->orderByDesc('created_at')
  554. ->limit(60)
  555. ->pluck('id');
  556. });
  557. $posts = $posts->map(function($id) {
  558. return StatusService::get($id);
  559. })
  560. ->filter()
  561. ->values();
  562. return [
  563. 'place' =>
  564. [
  565. 'id' => $place->id,
  566. 'name' => $place->name,
  567. 'slug' => $place->slug,
  568. 'country' => $place->country,
  569. 'lat' => $place->lat,
  570. 'long' => $place->long
  571. ],
  572. 'posts' => $posts];
  573. }
  574. public function moderatePost(Request $request, $id)
  575. {
  576. abort_if(!$request->user(), 403);
  577. abort_if($request->user()->is_admin != true, 403);
  578. $this->validate($request, [
  579. 'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete'
  580. ]);
  581. $action = $request->input('action');
  582. $status = Status::find($id);
  583. if(!$status) {
  584. return response()->json(['error' => 'Cannot find status'], 400);
  585. }
  586. if($status->uri == null) {
  587. if($status->profile->user && $status->profile->user->is_admin) {
  588. return response()->json(['error' => 'Cannot moderate admin accounts'], 400);
  589. }
  590. }
  591. if($action == 'mark-spammer') {
  592. $status->profile->update([
  593. 'unlisted' => true,
  594. 'cw' => true,
  595. 'no_autolink' => true
  596. ]);
  597. Status::whereProfileId($status->profile_id)
  598. ->get()
  599. ->each(function($s) {
  600. if(in_array($s->scope, ['public', 'unlisted'])) {
  601. $s->scope = 'private';
  602. $s->visibility = 'private';
  603. }
  604. $s->is_nsfw = true;
  605. $s->save();
  606. StatusService::del($s->id, true);
  607. });
  608. Cache::forget('pf:bouncer_v0:exemption_by_pid:' . $status->profile_id);
  609. Cache::forget('pf:bouncer_v0:recent_by_pid:' . $status->profile_id);
  610. Cache::forget('admin-dash:reports:spam-count');
  611. } else if ($action == 'cw') {
  612. $state = $status->is_nsfw;
  613. $status->is_nsfw = !$state;
  614. $status->save();
  615. StatusService::del($status->id);
  616. } else if ($action == 'mark-public') {
  617. $state = $status->scope;
  618. $status->scope = 'public';
  619. $status->visibility = 'public';
  620. $status->save();
  621. StatusService::del($status->id, true);
  622. if($state !== 'public') {
  623. if($status->uri) {
  624. NetworkTimelineService::add($status->id);
  625. } else {
  626. PublicTimelineService::add($status->id);
  627. }
  628. }
  629. } else if ($action == 'mark-unlisted') {
  630. $state = $status->scope;
  631. $status->scope = 'unlisted';
  632. $status->visibility = 'unlisted';
  633. $status->save();
  634. StatusService::del($status->id);
  635. if($state == 'public') {
  636. PublicTimelineService::del($status->id);
  637. NetworkTimelineService::del($status->id);
  638. }
  639. } else if ($action == 'mark-private') {
  640. $state = $status->scope;
  641. $status->scope = 'private';
  642. $status->visibility = 'private';
  643. $status->save();
  644. StatusService::del($status->id);
  645. if($state == 'public') {
  646. PublicTimelineService::del($status->id);
  647. NetworkTimelineService::del($status->id);
  648. }
  649. } else if ($action == 'delete') {
  650. PublicTimelineService::del($status->id);
  651. NetworkTimelineService::del($status->id);
  652. Cache::forget('_api:statuses:recent_9:' . $status->profile_id);
  653. Cache::forget('profile:status_count:' . $status->profile_id);
  654. Cache::forget('profile:embed:' . $status->profile_id);
  655. StatusService::del($status->id, true);
  656. Cache::forget('profile:status_count:'.$status->profile_id);
  657. StatusDelete::dispatch($status);
  658. return [];
  659. }
  660. Cache::forget('_api:statuses:recent_9:'.$status->profile_id);
  661. return StatusService::get($status->id, false);
  662. }
  663. }