ComposeController.php 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855
  1. <?php
  2. namespace App\Http\Controllers;
  3. use App\Collection;
  4. use App\CollectionItem;
  5. use App\Hashtag;
  6. use App\Jobs\ImageOptimizePipeline\ImageOptimize;
  7. use App\Jobs\StatusPipeline\NewStatusPipeline;
  8. use App\Jobs\VideoPipeline\VideoThumbnail;
  9. use App\Media;
  10. use App\MediaTag;
  11. use App\Models\Poll;
  12. use App\Notification;
  13. use App\Profile;
  14. use App\Services\AccountService;
  15. use App\Services\CollectionService;
  16. use App\Services\MediaBlocklistService;
  17. use App\Services\MediaPathService;
  18. use App\Services\MediaStorageService;
  19. use App\Services\MediaTagService;
  20. use App\Services\PlaceService;
  21. use App\Services\SnowflakeService;
  22. use App\Services\UserRoleService;
  23. use App\Services\UserStorageService;
  24. use App\Status;
  25. use App\Transformer\Api\MediaTransformer;
  26. use App\UserFilter;
  27. use App\Util\Media\Filter;
  28. use App\Util\Media\License;
  29. use Auth;
  30. use Cache;
  31. use DB;
  32. use Illuminate\Http\Request;
  33. use Illuminate\Support\Str;
  34. use League\Fractal;
  35. use League\Fractal\Serializer\ArraySerializer;
  36. class ComposeController extends Controller
  37. {
  38. protected $fractal;
  39. public function __construct()
  40. {
  41. $this->middleware('auth');
  42. $this->fractal = new Fractal\Manager;
  43. $this->fractal->setSerializer(new ArraySerializer);
  44. }
  45. public function show(Request $request)
  46. {
  47. return view('status.compose');
  48. }
  49. public function mediaUpload(Request $request)
  50. {
  51. abort_if(! $request->user(), 403);
  52. $this->validate($request, [
  53. 'file.*' => [
  54. 'required_without:file',
  55. 'mimetypes:'.config_cache('pixelfed.media_types'),
  56. 'max:'.config_cache('pixelfed.max_photo_size'),
  57. ],
  58. 'file' => [
  59. 'required_without:file.*',
  60. 'mimetypes:'.config_cache('pixelfed.media_types'),
  61. 'max:'.config_cache('pixelfed.max_photo_size'),
  62. ],
  63. 'filter_name' => 'nullable|string|max:24',
  64. 'filter_class' => 'nullable|alpha_dash|max:24',
  65. ]);
  66. $user = $request->user();
  67. $profile = $user->profile;
  68. abort_if($user->has_roles && ! UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
  69. $limitKey = 'compose:rate-limit:media-upload:'.$user->id;
  70. $limitTtl = now()->addMinutes(15);
  71. $limitReached = Cache::remember($limitKey, $limitTtl, function () use ($user) {
  72. $dailyLimit = Media::whereUserId($user->id)->where('created_at', '>', now()->subDays(1))->count();
  73. return $dailyLimit >= 1250;
  74. });
  75. abort_if($limitReached == true, 429);
  76. $filterClass = in_array($request->input('filter_class'), Filter::classes()) ? $request->input('filter_class') : null;
  77. $filterName = in_array($request->input('filter_name'), Filter::names()) ? $request->input('filter_name') : null;
  78. $accountSize = UserStorageService::get($user->id);
  79. abort_if($accountSize === -1, 403, 'Invalid request.');
  80. $photo = $request->file('file');
  81. $fileSize = $photo->getSize();
  82. $sizeInKbs = (int) ceil($fileSize / 1000);
  83. $updatedAccountSize = (int) $accountSize + (int) $sizeInKbs;
  84. if ((bool) config_cache('pixelfed.enforce_account_limit') == true) {
  85. $limit = (int) config_cache('pixelfed.max_account_size');
  86. if ($updatedAccountSize >= $limit) {
  87. abort(403, 'Account size limit reached.');
  88. }
  89. }
  90. $mimes = explode(',', config_cache('pixelfed.media_types'));
  91. abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
  92. $storagePath = MediaPathService::get($user, 2);
  93. $path = $photo->storePublicly($storagePath);
  94. $hash = \hash_file('sha256', $photo);
  95. $mime = $photo->getMimeType();
  96. abort_if(MediaBlocklistService::exists($hash) == true, 451);
  97. $media = new Media;
  98. $media->status_id = null;
  99. $media->profile_id = $profile->id;
  100. $media->user_id = $user->id;
  101. $media->media_path = $path;
  102. $media->original_sha256 = $hash;
  103. $media->size = $photo->getSize();
  104. $media->caption = '';
  105. $media->mime = $mime;
  106. $media->filter_class = $filterClass;
  107. $media->filter_name = $filterName;
  108. $media->version = '3';
  109. $media->save();
  110. $preview_url = $media->url().'?v='.time();
  111. $url = $media->url().'?v='.time();
  112. switch ($media->mime) {
  113. case 'image/jpeg':
  114. case 'image/png':
  115. case 'image/webp':
  116. case 'image/heic':
  117. case 'image/avif':
  118. ImageOptimize::dispatch($media)->onQueue('mmo');
  119. break;
  120. case 'video/mp4':
  121. VideoThumbnail::dispatch($media)->onQueue('mmo');
  122. $preview_url = '/storage/no-preview.png';
  123. $url = '/storage/no-preview.png';
  124. break;
  125. default:
  126. break;
  127. }
  128. $user->storage_used = (int) $updatedAccountSize;
  129. $user->storage_used_updated_at = now();
  130. $user->save();
  131. Cache::forget($limitKey);
  132. $resource = new Fractal\Resource\Item($media, new MediaTransformer);
  133. $res = $this->fractal->createData($resource)->toArray();
  134. $res['preview_url'] = $preview_url;
  135. $res['url'] = $url;
  136. return response()->json($res);
  137. }
  138. public function mediaUpdate(Request $request)
  139. {
  140. $this->validate($request, [
  141. 'id' => 'required',
  142. 'file' => function () {
  143. return [
  144. 'required',
  145. 'mimetypes:'.config_cache('pixelfed.media_types'),
  146. 'max:'.config_cache('pixelfed.max_photo_size'),
  147. ];
  148. },
  149. ]);
  150. $user = Auth::user();
  151. abort_if($user->has_roles && ! UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
  152. $limitKey = 'compose:rate-limit:media-updates:'.$user->id;
  153. $limitTtl = now()->addMinutes(15);
  154. $limitReached = Cache::remember($limitKey, $limitTtl, function () use ($user) {
  155. $dailyLimit = Media::whereUserId($user->id)->where('created_at', '>', now()->subDays(1))->count();
  156. return $dailyLimit >= 1500;
  157. });
  158. abort_if($limitReached == true, 429);
  159. $photo = $request->file('file');
  160. $id = $request->input('id');
  161. $media = Media::whereUserId($user->id)
  162. ->whereProfileId($user->profile_id)
  163. ->whereNull('status_id')
  164. ->findOrFail($id);
  165. $media->save();
  166. $fragments = explode('/', $media->media_path);
  167. $name = last($fragments);
  168. array_pop($fragments);
  169. $dir = implode('/', $fragments);
  170. $path = $photo->storePubliclyAs($dir, $name);
  171. $res = [
  172. 'url' => $media->url().'?v='.time(),
  173. ];
  174. ImageOptimize::dispatch($media)->onQueue('mmo');
  175. Cache::forget($limitKey);
  176. UserStorageService::recalculateUpdateStorageUsed($request->user()->id);
  177. return $res;
  178. }
  179. public function mediaDelete(Request $request)
  180. {
  181. abort_if(! $request->user(), 403);
  182. $this->validate($request, [
  183. 'id' => 'required|integer|min:1|exists:media,id',
  184. ]);
  185. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  186. $media = Media::whereNull('status_id')
  187. ->whereUserId(Auth::id())
  188. ->findOrFail($request->input('id'));
  189. MediaStorageService::delete($media, true);
  190. UserStorageService::recalculateUpdateStorageUsed($request->user()->id);
  191. return response()->json([
  192. 'msg' => 'Successfully deleted',
  193. 'code' => 200,
  194. ]);
  195. }
  196. public function searchTag(Request $request)
  197. {
  198. abort_if(! $request->user(), 403);
  199. $this->validate($request, [
  200. 'q' => [
  201. 'required',
  202. 'string',
  203. 'min:1',
  204. 'max:300',
  205. new \App\Rules\WebFinger,
  206. ],
  207. ]);
  208. $q = $request->input('q');
  209. if (Str::of($q)->startsWith('@')) {
  210. if (strlen($q) < 3) {
  211. return [];
  212. }
  213. $q = mb_substr($q, 1);
  214. }
  215. $user = $request->user();
  216. abort_if($user->has_roles && ! UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
  217. $blocked = UserFilter::whereFilterableType('App\Profile')
  218. ->whereFilterType('block')
  219. ->whereFilterableId($request->user()->profile_id)
  220. ->pluck('user_id');
  221. $blocked->push($request->user()->profile_id);
  222. $operator = config('database.default') === 'pgsql' ? 'ilike' : 'like';
  223. $results = Profile::select('id', 'domain', 'username')
  224. ->whereNotIn('id', $blocked)
  225. ->whereNull('domain')
  226. ->where('username', $operator, '%'.$q.'%')
  227. ->limit(15)
  228. ->get()
  229. ->map(function ($r) {
  230. return [
  231. 'id' => (string) $r->id,
  232. 'name' => $r->username,
  233. 'privacy' => true,
  234. 'avatar' => $r->avatarUrl(),
  235. ];
  236. });
  237. return $results;
  238. }
  239. public function searchUntag(Request $request)
  240. {
  241. abort_if(! $request->user(), 403);
  242. $this->validate($request, [
  243. 'status_id' => 'required',
  244. 'profile_id' => 'required',
  245. ]);
  246. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  247. $user = $request->user();
  248. $status_id = $request->input('status_id');
  249. $profile_id = (int) $request->input('profile_id');
  250. abort_if((int) $user->profile_id !== $profile_id, 400);
  251. $tag = MediaTag::whereStatusId($status_id)
  252. ->whereProfileId($profile_id)
  253. ->first();
  254. if (! $tag) {
  255. return [];
  256. }
  257. Notification::whereItemType('App\MediaTag')
  258. ->whereItemId($tag->id)
  259. ->whereProfileId($profile_id)
  260. ->whereAction('tagged')
  261. ->delete();
  262. MediaTagService::untag($status_id, $profile_id);
  263. return [200];
  264. }
  265. public function searchLocation(Request $request)
  266. {
  267. abort_if(! $request->user(), 403);
  268. $this->validate($request, [
  269. 'q' => 'required|string|max:100',
  270. ]);
  271. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  272. $pid = $request->user()->profile_id;
  273. abort_if(! $pid, 400);
  274. $q = e($request->input('q'));
  275. $popular = Cache::remember('pf:search:location:v1:popular', 1209600, function () {
  276. $minId = SnowflakeService::byDate(now()->subDays(290));
  277. if (config('database.default') == 'pgsql') {
  278. return Status::selectRaw('id, place_id, count(place_id) as pc')
  279. ->whereNotNull('place_id')
  280. ->where('id', '>', $minId)
  281. ->orderByDesc('pc')
  282. ->groupBy(['place_id', 'id'])
  283. ->limit(400)
  284. ->get()
  285. ->filter(function ($post) {
  286. return $post;
  287. })
  288. ->map(function ($place) {
  289. return [
  290. 'id' => $place->place_id,
  291. 'count' => $place->pc,
  292. ];
  293. })
  294. ->unique('id')
  295. ->values();
  296. }
  297. return Status::selectRaw('id, place_id, count(place_id) as pc')
  298. ->whereNotNull('place_id')
  299. ->where('id', '>', $minId)
  300. ->groupBy('place_id')
  301. ->orderByDesc('pc')
  302. ->limit(400)
  303. ->get()
  304. ->filter(function ($post) {
  305. return $post;
  306. })
  307. ->map(function ($place) {
  308. return [
  309. 'id' => $place->place_id,
  310. 'count' => $place->pc,
  311. ];
  312. });
  313. });
  314. $q = '%'.$q.'%';
  315. $wildcard = config('database.default') === 'pgsql' ? 'ilike' : 'like';
  316. $places = DB::table('places')
  317. ->where('name', $wildcard, $q)
  318. ->limit((strlen($q) > 5 ? 360 : 30))
  319. ->get()
  320. ->sortByDesc(function ($place, $key) use ($popular) {
  321. return $popular->filter(function ($p) use ($place) {
  322. return $p['id'] == $place->id;
  323. })->map(function ($p) use ($place) {
  324. return in_array($place->country, ['Canada', 'USA', 'France', 'Germany', 'United Kingdom']) ? $p['count'] : 1;
  325. })->values();
  326. })
  327. ->map(function ($r) {
  328. return [
  329. 'id' => $r->id,
  330. 'name' => $r->name,
  331. 'country' => $r->country,
  332. 'url' => url('/discover/places/'.$r->id.'/'.$r->slug),
  333. ];
  334. })
  335. ->values()
  336. ->all();
  337. return $places;
  338. }
  339. public function searchMentionAutocomplete(Request $request)
  340. {
  341. abort_if(! $request->user(), 403);
  342. $this->validate($request, [
  343. 'q' => 'required|string|min:2|max:50',
  344. ]);
  345. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  346. $q = $request->input('q');
  347. if (Str::of($q)->startsWith('@')) {
  348. if (strlen($q) < 3) {
  349. return [];
  350. }
  351. }
  352. $blocked = UserFilter::whereFilterableType('App\Profile')
  353. ->whereFilterType('block')
  354. ->whereFilterableId($request->user()->profile_id)
  355. ->pluck('user_id');
  356. $blocked->push($request->user()->profile_id);
  357. $results = Profile::select('id', 'domain', 'username')
  358. ->whereNotIn('id', $blocked)
  359. ->where('username', 'like', '%'.$q.'%')
  360. ->groupBy('id', 'domain')
  361. ->limit(15)
  362. ->get()
  363. ->map(function ($profile) {
  364. $username = $profile->domain ? substr($profile->username, 1) : $profile->username;
  365. return [
  366. 'key' => '@'.str_limit($username, 30),
  367. 'value' => $username,
  368. ];
  369. });
  370. return $results;
  371. }
  372. public function searchHashtagAutocomplete(Request $request)
  373. {
  374. abort_if(! $request->user(), 403);
  375. $this->validate($request, [
  376. 'q' => 'required|string|min:2|max:50',
  377. ]);
  378. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  379. $q = $request->input('q');
  380. $results = Hashtag::select('slug')
  381. ->where('slug', 'like', '%'.$q.'%')
  382. ->whereIsNsfw(false)
  383. ->whereIsBanned(false)
  384. ->limit(5)
  385. ->get()
  386. ->map(function ($tag) {
  387. return [
  388. 'key' => '#'.$tag->slug,
  389. 'value' => $tag->slug,
  390. ];
  391. });
  392. return $results;
  393. }
  394. public function store(Request $request)
  395. {
  396. $this->validate($request, [
  397. 'caption' => 'nullable|string|max:'.config_cache('pixelfed.max_caption_length', 500),
  398. 'media.*' => 'required',
  399. 'media.*.id' => 'required|integer|min:1',
  400. 'media.*.filter_class' => 'nullable|alpha_dash|max:30',
  401. 'media.*.license' => 'nullable|string|max:140',
  402. 'media.*.alt' => 'nullable|string|max:'.config_cache('pixelfed.max_altext_length'),
  403. 'cw' => 'nullable|boolean',
  404. 'visibility' => 'required|string|in:public,private,unlisted|min:2|max:10',
  405. 'place' => 'nullable',
  406. 'comments_disabled' => 'nullable',
  407. 'tagged' => 'nullable',
  408. 'license' => 'nullable|integer|min:1|max:16',
  409. 'collections' => 'sometimes|array|min:1|max:5',
  410. 'spoiler_text' => 'nullable|string|max:140',
  411. // 'optimize_media' => 'nullable'
  412. ]);
  413. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  414. if (config('costar.enabled') == true) {
  415. $blockedKeywords = config('costar.keyword.block');
  416. if ($blockedKeywords !== null && $request->caption) {
  417. $keywords = config('costar.keyword.block');
  418. foreach ($keywords as $kw) {
  419. if (Str::contains($request->caption, $kw) == true) {
  420. abort(400, 'Invalid object');
  421. }
  422. }
  423. }
  424. }
  425. $user = $request->user();
  426. $profile = $user->profile;
  427. $limitKey = 'compose:rate-limit:store:'.$user->id;
  428. $limitTtl = now()->addMinutes(15);
  429. // $limitReached = Cache::remember($limitKey, $limitTtl, function () use ($user) {
  430. // $dailyLimit = Status::whereProfileId($user->profile_id)
  431. // ->whereNull('in_reply_to_id')
  432. // ->whereNull('reblog_of_id')
  433. // ->where('created_at', '>', now()->subDays(1))
  434. // ->count();
  435. // return $dailyLimit >= 1000;
  436. // });
  437. // abort_if($limitReached == true, 429);
  438. $license = in_array($request->input('license'), License::keys()) ? $request->input('license') : null;
  439. $visibility = $request->input('visibility');
  440. $medias = $request->input('media');
  441. $attachments = [];
  442. $status = new Status;
  443. $mimes = [];
  444. $place = $request->input('place');
  445. $cw = $request->input('cw');
  446. $tagged = $request->input('tagged');
  447. $optimize_media = (bool) $request->input('optimize_media');
  448. foreach ($medias as $k => $media) {
  449. if ($k + 1 > config_cache('pixelfed.max_album_length')) {
  450. continue;
  451. }
  452. $m = Media::findOrFail($media['id']);
  453. if ($m->profile_id !== $profile->id || $m->status_id) {
  454. abort(403, 'Invalid media id');
  455. }
  456. $m->filter_class = in_array($media['filter_class'], Filter::classes()) ? $media['filter_class'] : null;
  457. $m->license = $license;
  458. $m->caption = isset($media['alt']) ? strip_tags($media['alt']) : null;
  459. $m->order = isset($media['cursor']) && is_int($media['cursor']) ? (int) $media['cursor'] : $k;
  460. if ($cw == true || $profile->cw == true) {
  461. $m->is_nsfw = $cw;
  462. $status->is_nsfw = $cw;
  463. }
  464. $m->save();
  465. $attachments[] = $m;
  466. array_push($mimes, $m->mime);
  467. }
  468. abort_if(empty($attachments), 422);
  469. $mediaType = StatusController::mimeTypeCheck($mimes);
  470. if (in_array($mediaType, ['photo', 'video', 'photo:album']) == false) {
  471. abort(400, __('exception.compose.invalid.album'));
  472. }
  473. if ($place && is_array($place)) {
  474. $status->place_id = $place['id'];
  475. PlaceService::clearStatusesByPlaceId($place['id']);
  476. }
  477. if ($request->filled('comments_disabled')) {
  478. $status->comments_disabled = (bool) $request->input('comments_disabled');
  479. }
  480. if ($request->filled('spoiler_text') && $cw) {
  481. $status->cw_summary = $request->input('spoiler_text');
  482. }
  483. $defaultCaption = '';
  484. $status->caption = strip_tags($request->input('caption')) ?? $defaultCaption;
  485. $status->rendered = $defaultCaption;
  486. $status->scope = 'draft';
  487. $status->visibility = 'draft';
  488. $status->profile_id = $profile->id;
  489. $status->save();
  490. foreach ($attachments as $media) {
  491. $media->status_id = $status->id;
  492. $media->save();
  493. }
  494. $visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
  495. $visibility = $profile->is_private ? 'private' : $visibility;
  496. $cw = $profile->cw == true ? true : $cw;
  497. $status->is_nsfw = $cw;
  498. $status->visibility = $visibility;
  499. $status->scope = $visibility;
  500. $status->type = $mediaType;
  501. $status->save();
  502. foreach ($tagged as $tg) {
  503. $mt = new MediaTag;
  504. $mt->status_id = $status->id;
  505. $mt->media_id = $status->media->first()->id;
  506. $mt->profile_id = $tg['id'];
  507. $mt->tagged_username = $tg['name'];
  508. $mt->is_public = true;
  509. $mt->metadata = json_encode([
  510. '_v' => 1,
  511. ]);
  512. $mt->save();
  513. MediaTagService::set($mt->status_id, $mt->profile_id);
  514. MediaTagService::sendNotification($mt);
  515. }
  516. if ($request->filled('collections')) {
  517. $collections = Collection::whereProfileId($profile->id)
  518. ->find($request->input('collections'))
  519. ->each(function ($collection) use ($status) {
  520. $count = $collection->items()->count();
  521. CollectionItem::firstOrCreate([
  522. 'collection_id' => $collection->id,
  523. 'object_type' => 'App\Status',
  524. 'object_id' => $status->id,
  525. ], [
  526. 'order' => $count,
  527. ]);
  528. CollectionService::addItem(
  529. $collection->id,
  530. $status->id,
  531. $count
  532. );
  533. $collection->updated_at = now();
  534. $collection->save();
  535. CollectionService::setCollection($collection->id, $collection);
  536. });
  537. }
  538. Cache::forget('user:account:id:'.$profile->user_id);
  539. Cache::forget('_api:statuses:recent_9:'.$profile->id);
  540. Cache::forget('profile:status_count:'.$profile->id);
  541. Cache::forget('status:transformer:media:attachments:'.$status->id);
  542. Cache::forget('profile:embed:'.$status->profile_id);
  543. Cache::forget($limitKey);
  544. NewStatusPipeline::dispatch($status);
  545. return $status->url();
  546. }
  547. public function storeText(Request $request)
  548. {
  549. abort_unless(config('exp.top'), 404);
  550. $this->validate($request, [
  551. 'caption' => 'nullable|string|max:'.config_cache('pixelfed.max_caption_length', 500),
  552. 'cw' => 'nullable|boolean',
  553. 'visibility' => 'required|string|in:public,private,unlisted|min:2|max:10',
  554. 'place' => 'nullable',
  555. 'comments_disabled' => 'nullable',
  556. 'tagged' => 'nullable',
  557. ]);
  558. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  559. if (config('costar.enabled') == true) {
  560. $blockedKeywords = config('costar.keyword.block');
  561. if ($blockedKeywords !== null && $request->caption) {
  562. $keywords = config('costar.keyword.block');
  563. foreach ($keywords as $kw) {
  564. if (Str::contains($request->caption, $kw) == true) {
  565. abort(400, 'Invalid object');
  566. }
  567. }
  568. }
  569. }
  570. $user = $request->user();
  571. $profile = $user->profile;
  572. $visibility = $request->input('visibility');
  573. $status = new Status;
  574. $place = $request->input('place');
  575. $cw = $request->input('cw');
  576. $tagged = $request->input('tagged');
  577. $defaultCaption = config_cache('database.default') === 'mysql' ? null : '';
  578. if ($place && is_array($place)) {
  579. $status->place_id = $place['id'];
  580. }
  581. if ($request->filled('comments_disabled')) {
  582. $status->comments_disabled = (bool) $request->input('comments_disabled');
  583. }
  584. $status->caption = $request->filled('caption') ? strip_tags($request->caption) : $defaultCaption;
  585. $status->rendered = $defaultCaption;
  586. $status->profile_id = $profile->id;
  587. $entities = [];
  588. $visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
  589. $cw = $profile->cw == true ? true : $cw;
  590. $status->is_nsfw = $cw;
  591. $status->visibility = $visibility;
  592. $status->scope = $visibility;
  593. $status->type = 'text';
  594. $status->entities = json_encode(array_merge([
  595. 'timg' => [
  596. 'version' => 0,
  597. 'bg_id' => 1,
  598. 'font_size' => strlen($status->caption) <= 140 ? 'h1' : 'h3',
  599. 'length' => strlen($status->caption),
  600. ],
  601. ], $entities), JSON_UNESCAPED_SLASHES);
  602. $status->save();
  603. foreach ($tagged as $tg) {
  604. $mt = new MediaTag;
  605. $mt->status_id = $status->id;
  606. $mt->media_id = $status->media->first()->id;
  607. $mt->profile_id = $tg['id'];
  608. $mt->tagged_username = $tg['name'];
  609. $mt->is_public = true;
  610. $mt->metadata = json_encode([
  611. '_v' => 1,
  612. ]);
  613. $mt->save();
  614. MediaTagService::set($mt->status_id, $mt->profile_id);
  615. MediaTagService::sendNotification($mt);
  616. }
  617. Cache::forget('user:account:id:'.$profile->user_id);
  618. Cache::forget('_api:statuses:recent_9:'.$profile->id);
  619. Cache::forget('profile:status_count:'.$profile->id);
  620. return $status->url();
  621. }
  622. public function mediaProcessingCheck(Request $request)
  623. {
  624. $this->validate($request, [
  625. 'id' => 'required|integer|min:1',
  626. ]);
  627. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  628. $media = Media::whereUserId($request->user()->id)
  629. ->whereNull('status_id')
  630. ->findOrFail($request->input('id'));
  631. if (config('pixelfed.media_fast_process')) {
  632. return [
  633. 'finished' => true,
  634. ];
  635. }
  636. $finished = false;
  637. switch ($media->mime) {
  638. case 'image/jpeg':
  639. case 'image/png':
  640. case 'video/mp4':
  641. $finished = (bool) config_cache('pixelfed.cloud_storage') ? (bool) $media->cdn_url : (bool) $media->processed_at;
  642. break;
  643. default:
  644. // code...
  645. break;
  646. }
  647. return [
  648. 'finished' => $finished,
  649. ];
  650. }
  651. public function composeSettings(Request $request)
  652. {
  653. $uid = $request->user()->id;
  654. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  655. $types = config_cache('pixelfed.media_types');
  656. if (str_contains($types, ',')) {
  657. $types = explode(',', $types);
  658. }
  659. $default = [
  660. 'allowed_media_types' => $types,
  661. 'max_caption_length' => (int) config_cache('pixelfed.max_caption_length'),
  662. 'default_license' => 1,
  663. 'media_descriptions' => false,
  664. 'max_file_size' => (int) config_cache('pixelfed.max_photo_size'),
  665. 'max_media_attachments' => (int) config_cache('pixelfed.max_album_length'),
  666. 'max_altext_length' => (int) config_cache('pixelfed.max_altext_length'),
  667. ];
  668. $settings = AccountService::settings($uid);
  669. if (isset($settings['other']) && isset($settings['other']['scope'])) {
  670. $s = $settings['compose_settings'];
  671. $s['default_scope'] = $settings['other']['scope'];
  672. $settings['compose_settings'] = $s;
  673. }
  674. $res = array_merge($default, $settings['compose_settings']);
  675. return response()->json($res, 200, [], JSON_UNESCAPED_SLASHES);
  676. }
  677. public function createPoll(Request $request)
  678. {
  679. $this->validate($request, [
  680. 'caption' => 'nullable|string|max:'.config_cache('pixelfed.max_caption_length', 500),
  681. 'cw' => 'nullable|boolean',
  682. 'visibility' => 'required|string|in:public,private',
  683. 'comments_disabled' => 'nullable',
  684. 'expiry' => 'required|in:60,360,1440,10080',
  685. 'pollOptions' => 'required|array|min:1|max:4',
  686. ]);
  687. abort(404);
  688. abort_if(config('instance.polls.enabled') == false, 404, 'Polls not enabled');
  689. abort_if($request->user()->has_roles && ! UserRoleService::can('can-post', $request->user()->id), 403, 'Invalid permissions for this action');
  690. abort_if(Status::whereType('poll')
  691. ->whereProfileId($request->user()->profile_id)
  692. ->whereCaption($request->input('caption'))
  693. ->where('created_at', '>', now()->subDays(2))
  694. ->exists(), 422, 'Duplicate detected.');
  695. $status = new Status;
  696. $status->profile_id = $request->user()->profile_id;
  697. $status->caption = $request->input('caption');
  698. $status->visibility = 'draft';
  699. $status->scope = 'draft';
  700. $status->type = 'poll';
  701. $status->local = true;
  702. $status->save();
  703. $poll = new Poll;
  704. $poll->status_id = $status->id;
  705. $poll->profile_id = $status->profile_id;
  706. $poll->poll_options = $request->input('pollOptions');
  707. $poll->expires_at = now()->addMinutes($request->input('expiry'));
  708. $poll->cached_tallies = collect($poll->poll_options)->map(function ($o) {
  709. return 0;
  710. })->toArray();
  711. $poll->save();
  712. $status->visibility = $request->input('visibility');
  713. $status->scope = $request->input('visibility');
  714. $status->save();
  715. NewStatusPipeline::dispatch($status);
  716. return ['url' => $status->url()];
  717. }
  718. }