diff --git a/app/controllers/api/activitypub/activities_controller.rb b/app/controllers/api/activitypub/activities_controller.rb index 025ab960..740c8589 100644 --- a/app/controllers/api/activitypub/activities_controller.rb +++ b/app/controllers/api/activitypub/activities_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::ActivitiesController < ApiController +class Api::Activitypub::ActivitiesController < Api::BaseController include Authorization # before_action :set_follow, only: [:show_follow] diff --git a/app/controllers/api/activitypub/notes_controller.rb b/app/controllers/api/activitypub/notes_controller.rb index ff938341..783c1c4e 100644 --- a/app/controllers/api/activitypub/notes_controller.rb +++ b/app/controllers/api/activitypub/notes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::NotesController < ApiController +class Api::Activitypub::NotesController < Api::BaseController include Authorization before_action :set_status diff --git a/app/controllers/api/activitypub/outbox_controller.rb b/app/controllers/api/activitypub/outbox_controller.rb index 7b6cbdd3..0738d7de 100644 --- a/app/controllers/api/activitypub/outbox_controller.rb +++ b/app/controllers/api/activitypub/outbox_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Activitypub::OutboxController < ApiController +class Api::Activitypub::OutboxController < Api::BaseController before_action :set_account respond_to :activitystreams2 diff --git a/app/controllers/api_controller.rb b/app/controllers/api/base_controller.rb similarity index 98% rename from app/controllers/api_controller.rb rename to app/controllers/api/base_controller.rb index 42b85865..c1b2ec3c 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class ApiController < ApplicationController +class Api::BaseController < ApplicationController DEFAULT_STATUSES_LIMIT = 20 DEFAULT_ACCOUNTS_LIMIT = 40 diff --git a/app/controllers/api/oembed_controller.rb b/app/controllers/api/oembed_controller.rb index 57618835..6e3e34d9 100644 --- a/app/controllers/api/oembed_controller.rb +++ b/app/controllers/api/oembed_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::OEmbedController < ApiController +class Api::OEmbedController < Api::BaseController respond_to :json def show diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb index 75a1f757..95186714 100644 --- a/app/controllers/api/push_controller.rb +++ b/app/controllers/api/push_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::PushController < ApiController +class Api::PushController < Api::BaseController def update response, status = process_push_request render plain: response, status: status diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb index f611b48a..e9e700b1 100644 --- a/app/controllers/api/salmon_controller.rb +++ b/app/controllers/api/salmon_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SalmonController < ApiController +class Api::SalmonController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb index dd2f42aa..d3ea9867 100644 --- a/app/controllers/api/subscriptions_controller.rb +++ b/app/controllers/api/subscriptions_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::SubscriptionsController < ApiController +class Api::SubscriptionsController < Api::BaseController before_action :set_account respond_to :txt diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb index 8f2ded29..1cf52ff1 100644 --- a/app/controllers/api/v1/accounts/credentials_controller.rb +++ b/app/controllers/api/v1/accounts/credentials_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::CredentialsController < ApiController +class Api::V1::Accounts::CredentialsController < Api::BaseController before_action -> { doorkeeper_authorize! :write }, only: [:update] before_action :require_user! diff --git a/app/controllers/api/v1/accounts/follower_accounts_controller.rb b/app/controllers/api/v1/accounts/follower_accounts_controller.rb index 3e9da29e..81aae56d 100644 --- a/app/controllers/api/v1/accounts/follower_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/follower_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowerAccountsController < ApiController +class Api::V1::Accounts::FollowerAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/following_accounts_controller.rb b/app/controllers/api/v1/accounts/following_accounts_controller.rb index 732961aa..63c6d54b 100644 --- a/app/controllers/api/v1/accounts/following_accounts_controller.rb +++ b/app/controllers/api/v1/accounts/following_accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::FollowingAccountsController < ApiController +class Api::V1::Accounts::FollowingAccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index d1a4f178..cb923ab9 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::RelationshipsController < ApiController +class Api::V1::Accounts::RelationshipsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/search_controller.rb b/app/controllers/api/v1/accounts/search_controller.rb index 6d4c6e4c..c4a8f97f 100644 --- a/app/controllers/api/v1/accounts/search_controller.rb +++ b/app/controllers/api/v1/accounts/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::SearchController < ApiController +class Api::V1::Accounts::SearchController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! diff --git a/app/controllers/api/v1/accounts/statuses_controller.rb b/app/controllers/api/v1/accounts/statuses_controller.rb index 1e0d2a74..504ed8c0 100644 --- a/app/controllers/api/v1/accounts/statuses_controller.rb +++ b/app/controllers/api/v1/accounts/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Accounts::StatusesController < ApiController +class Api::V1::Accounts::StatusesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :set_account after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/accounts_controller.rb b/app/controllers/api/v1/accounts_controller.rb index 3b23e996..8fc0dd36 100644 --- a/app/controllers/api/v1/accounts_controller.rb +++ b/app/controllers/api/v1/accounts_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AccountsController < ApiController +class Api::V1::AccountsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action -> { doorkeeper_authorize! :follow }, only: [:follow, :unfollow, :block, :unblock, :mute, :unmute] before_action :require_user!, except: [:show] diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb index 54f8d40b..98e90894 100644 --- a/app/controllers/api/v1/apps_controller.rb +++ b/app/controllers/api/v1/apps_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::AppsController < ApiController +class Api::V1::AppsController < Api::BaseController respond_to :json def create diff --git a/app/controllers/api/v1/blocks_controller.rb b/app/controllers/api/v1/blocks_controller.rb index d15cb439..1702953c 100644 --- a/app/controllers/api/v1/blocks_controller.rb +++ b/app/controllers/api/v1/blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::BlocksController < ApiController +class Api::V1::BlocksController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/domain_blocks_controller.rb b/app/controllers/api/v1/domain_blocks_controller.rb index 772c0468..e93dc603 100644 --- a/app/controllers/api/v1/domain_blocks_controller.rb +++ b/app/controllers/api/v1/domain_blocks_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::DomainBlocksController < ApiController +class Api::V1::DomainBlocksController < Api::BaseController BLOCK_LIMIT = 100 before_action -> { doorkeeper_authorize! :follow } diff --git a/app/controllers/api/v1/favourites_controller.rb b/app/controllers/api/v1/favourites_controller.rb index a74db92a..fe0819a3 100644 --- a/app/controllers/api/v1/favourites_controller.rb +++ b/app/controllers/api/v1/favourites_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FavouritesController < ApiController +class Api::V1::FavouritesController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/follow_requests_controller.rb b/app/controllers/api/v1/follow_requests_controller.rb index 8a8d40d7..eed22ef4 100644 --- a/app/controllers/api/v1/follow_requests_controller.rb +++ b/app/controllers/api/v1/follow_requests_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowRequestsController < ApiController +class Api::V1::FollowRequestsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb index 67d82339..bcdb4e17 100644 --- a/app/controllers/api/v1/follows_controller.rb +++ b/app/controllers/api/v1/follows_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::FollowsController < ApiController +class Api::V1::FollowsController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! diff --git a/app/controllers/api/v1/instances_controller.rb b/app/controllers/api/v1/instances_controller.rb index 51d92838..ce218187 100644 --- a/app/controllers/api/v1/instances_controller.rb +++ b/app/controllers/api/v1/instances_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::InstancesController < ApiController +class Api::V1::InstancesController < Api::BaseController respond_to :json def show; end diff --git a/app/controllers/api/v1/media_controller.rb b/app/controllers/api/v1/media_controller.rb index 3d7dcef4..25a33131 100644 --- a/app/controllers/api/v1/media_controller.rb +++ b/app/controllers/api/v1/media_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MediaController < ApiController +class Api::V1::MediaController < Api::BaseController before_action -> { doorkeeper_authorize! :write } before_action :require_user! diff --git a/app/controllers/api/v1/mutes_controller.rb b/app/controllers/api/v1/mutes_controller.rb index b9ac7417..2a353df0 100644 --- a/app/controllers/api/v1/mutes_controller.rb +++ b/app/controllers/api/v1/mutes_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::MutesController < ApiController +class Api::V1::MutesController < Api::BaseController before_action -> { doorkeeper_authorize! :follow } before_action :require_user! after_action :insert_pagination_headers diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index 1cd4ca40..20b28776 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::NotificationsController < ApiController +class Api::V1::NotificationsController < Api::BaseController before_action -> { doorkeeper_authorize! :read } before_action :require_user! after_action :insert_pagination_headers, only: :index diff --git a/app/controllers/api/v1/reports_controller.rb b/app/controllers/api/v1/reports_controller.rb index e0f9ed23..71df76e9 100644 --- a/app/controllers/api/v1/reports_controller.rb +++ b/app/controllers/api/v1/reports_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::ReportsController < ApiController +class Api::V1::ReportsController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, except: [:create] before_action -> { doorkeeper_authorize! :write }, only: [:create] before_action :require_user! diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb index 1ee2589a..8b832148 100644 --- a/app/controllers/api/v1/search_controller.rb +++ b/app/controllers/api/v1/search_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::SearchController < ApiController +class Api::V1::SearchController < Api::BaseController RESULTS_LIMIT = 5 respond_to :json diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 7386d715..53fb1619 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StatusesController < ApiController +class Api::V1::StatusesController < Api::BaseController include Authorization before_action :authorize_if_got_token, except: [:create, :destroy, :reblog, :unreblog, :favourite, :unfavourite, :mute, :unmute] diff --git a/app/controllers/api/v1/streaming_controller.rb b/app/controllers/api/v1/streaming_controller.rb index 37795147..66b812e7 100644 --- a/app/controllers/api/v1/streaming_controller.rb +++ b/app/controllers/api/v1/streaming_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::StreamingController < ApiController +class Api::V1::StreamingController < Api::BaseController respond_to :json def index diff --git a/app/controllers/api/v1/timelines/home_controller.rb b/app/controllers/api/v1/timelines/home_controller.rb index 29e570fa..511d2f65 100644 --- a/app/controllers/api/v1/timelines/home_controller.rb +++ b/app/controllers/api/v1/timelines/home_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::HomeController < ApiController +class Api::V1::Timelines::HomeController < Api::BaseController before_action -> { doorkeeper_authorize! :read }, only: [:show] before_action :require_user!, only: [:show] after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb index cd3663d5..305451cc 100644 --- a/app/controllers/api/v1/timelines/public_controller.rb +++ b/app/controllers/api/v1/timelines/public_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::PublicController < ApiController +class Api::V1::Timelines::PublicController < Api::BaseController after_action :insert_pagination_headers, unless: -> { @statuses.empty? } respond_to :json diff --git a/app/controllers/api/v1/timelines/tag_controller.rb b/app/controllers/api/v1/timelines/tag_controller.rb index 0481f5de..50afca7c 100644 --- a/app/controllers/api/v1/timelines/tag_controller.rb +++ b/app/controllers/api/v1/timelines/tag_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::V1::Timelines::TagController < ApiController +class Api::V1::Timelines::TagController < Api::BaseController before_action :load_tag after_action :insert_pagination_headers, unless: -> { @statuses.empty? } diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb index 7cceb0df..f6739d50 100644 --- a/app/controllers/api/web/settings_controller.rb +++ b/app/controllers/api/web/settings_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Web::SettingsController < ApiController +class Api::Web::SettingsController < Api::BaseController respond_to :json before_action :require_user! diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb new file mode 100644 index 00000000..7d5e0116 --- /dev/null +++ b/spec/controllers/api/base_controller_spec.rb @@ -0,0 +1,54 @@ +# frozen_string_literal: true + +require 'rails_helper' + +class FakeService; end + +describe Api::BaseController do + controller do + def success + head 200 + end + + def error + FakeService.new + end + end + + describe 'Forgery protection' do + before do + routes.draw { post 'success' => 'api/base#success' } + end + + it 'does not protect from forgery' do + ActionController::Base.allow_forgery_protection = true + post 'success' + expect(response).to have_http_status(:success) + end + end + + describe 'Error handling' do + ERRORS_WITH_CODES = { + ActiveRecord::RecordInvalid => 422, + Mastodon::ValidationError => 422, + ActiveRecord::RecordNotFound => 404, + Goldfinger::Error => 422, + HTTP::Error => 503, + OpenSSL::SSL::SSLError => 503, + Mastodon::NotPermittedError => 403, + } + + before do + routes.draw { get 'error' => 'api/base#error' } + end + + ERRORS_WITH_CODES.each do |error, code| + it "Handles error class of #{error}" do + expect(FakeService).to receive(:new).and_raise(error) + + get 'error' + expect(response).to have_http_status(code) + end + end + end +end diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb deleted file mode 100644 index 44be4276..00000000 --- a/spec/controllers/api_controller_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -# frozen_string_literal: true - -require 'rails_helper' - -describe ApiController, type: :controller do - controller do - def success - head 200 - end - end - - before do - routes.draw { post 'success' => 'api#success' } - end - - it 'does not protect from forgery' do - ActionController::Base.allow_forgery_protection = true - post 'success' - expect(response).to have_http_status(:success) - end -end