[feature] Implement profile API (#2926)
* Implement profile API This Mastodon 4.2 extension provides capabilities missing from the existing Mastodon account update API: deleting an account's avatar or header. See: https://docs.joinmastodon.org/methods/profile/ * Move profile media methods to media processor * Remove check for moved account
This commit is contained in:
parent
f9a4a6120d
commit
975e92b7f1
|
@ -7276,6 +7276,60 @@ paths:
|
||||||
summary: Return an object of user preferences.
|
summary: Return an object of user preferences.
|
||||||
tags:
|
tags:
|
||||||
- preferences
|
- preferences
|
||||||
|
/api/v1/profile/avatar:
|
||||||
|
delete:
|
||||||
|
description: If the account doesn't have an avatar, the call succeeds anyway.
|
||||||
|
operationId: accountAvatarDelete
|
||||||
|
produces:
|
||||||
|
- application/json
|
||||||
|
responses:
|
||||||
|
"200":
|
||||||
|
description: The updated account, including profile source information.
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/account'
|
||||||
|
"400":
|
||||||
|
description: bad request
|
||||||
|
"401":
|
||||||
|
description: unauthorized
|
||||||
|
"403":
|
||||||
|
description: forbidden
|
||||||
|
"406":
|
||||||
|
description: not acceptable
|
||||||
|
"500":
|
||||||
|
description: internal server error
|
||||||
|
security:
|
||||||
|
- OAuth2 Bearer:
|
||||||
|
- admin
|
||||||
|
summary: Delete the authenticated account's avatar.
|
||||||
|
tags:
|
||||||
|
- accounts
|
||||||
|
/api/v1/profile/header:
|
||||||
|
delete:
|
||||||
|
description: If the account doesn't have a header, the call succeeds anyway.
|
||||||
|
operationId: accountHeaderDelete
|
||||||
|
produces:
|
||||||
|
- application/json
|
||||||
|
responses:
|
||||||
|
"200":
|
||||||
|
description: The updated account, including profile source information.
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/account'
|
||||||
|
"400":
|
||||||
|
description: bad request
|
||||||
|
"401":
|
||||||
|
description: unauthorized
|
||||||
|
"403":
|
||||||
|
description: forbidden
|
||||||
|
"406":
|
||||||
|
description: not acceptable
|
||||||
|
"500":
|
||||||
|
description: internal server error
|
||||||
|
security:
|
||||||
|
- OAuth2 Bearer:
|
||||||
|
- admin
|
||||||
|
summary: Delete the authenticated account's header.
|
||||||
|
tags:
|
||||||
|
- accounts
|
||||||
/api/v1/reports:
|
/api/v1/reports:
|
||||||
get:
|
get:
|
||||||
description: |-
|
description: |-
|
||||||
|
|
|
@ -56,6 +56,11 @@ const (
|
||||||
MovePath = BasePath + "/move"
|
MovePath = BasePath + "/move"
|
||||||
AliasPath = BasePath + "/alias"
|
AliasPath = BasePath + "/alias"
|
||||||
ThemesPath = BasePath + "/themes"
|
ThemesPath = BasePath + "/themes"
|
||||||
|
|
||||||
|
// ProfileBasePath for the profile API, an extension of the account update API with a different path.
|
||||||
|
ProfileBasePath = "/v1/profile"
|
||||||
|
AvatarPath = ProfileBasePath + "/avatar"
|
||||||
|
HeaderPath = ProfileBasePath + "/header"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Module struct {
|
type Module struct {
|
||||||
|
@ -84,6 +89,10 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
|
||||||
// modify account
|
// modify account
|
||||||
attachHandler(http.MethodPatch, UpdatePath, m.AccountUpdateCredentialsPATCHHandler)
|
attachHandler(http.MethodPatch, UpdatePath, m.AccountUpdateCredentialsPATCHHandler)
|
||||||
|
|
||||||
|
// modify account profile media
|
||||||
|
attachHandler(http.MethodDelete, AvatarPath, m.AccountAvatarDELETEHandler)
|
||||||
|
attachHandler(http.MethodDelete, HeaderPath, m.AccountHeaderDELETEHandler)
|
||||||
|
|
||||||
// get account's statuses
|
// get account's statuses
|
||||||
attachHandler(http.MethodGet, StatusesPath, m.AccountStatusesGETHandler)
|
attachHandler(http.MethodGet, StatusesPath, m.AccountStatusesGETHandler)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,123 @@
|
||||||
|
// GoToSocial
|
||||||
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||||
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package accounts
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||||
|
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AccountAvatarDELETEHandler swagger:operation DELETE /api/v1/profile/avatar accountAvatarDelete
|
||||||
|
//
|
||||||
|
// Delete the authenticated account's avatar.
|
||||||
|
// If the account doesn't have an avatar, the call succeeds anyway.
|
||||||
|
//
|
||||||
|
// ---
|
||||||
|
// tags:
|
||||||
|
// - accounts
|
||||||
|
//
|
||||||
|
// produces:
|
||||||
|
// - application/json
|
||||||
|
//
|
||||||
|
// security:
|
||||||
|
// - OAuth2 Bearer:
|
||||||
|
// - admin
|
||||||
|
//
|
||||||
|
// responses:
|
||||||
|
// '200':
|
||||||
|
// description: The updated account, including profile source information.
|
||||||
|
// schema:
|
||||||
|
// "$ref": "#/definitions/account"
|
||||||
|
// '400':
|
||||||
|
// description: bad request
|
||||||
|
// '401':
|
||||||
|
// description: unauthorized
|
||||||
|
// '403':
|
||||||
|
// description: forbidden
|
||||||
|
// '406':
|
||||||
|
// description: not acceptable
|
||||||
|
// '500':
|
||||||
|
// description: internal server error
|
||||||
|
func (m *Module) AccountAvatarDELETEHandler(c *gin.Context) {
|
||||||
|
m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteAvatar)
|
||||||
|
}
|
||||||
|
|
||||||
|
// AccountHeaderDELETEHandler swagger:operation DELETE /api/v1/profile/header accountHeaderDelete
|
||||||
|
//
|
||||||
|
// Delete the authenticated account's header.
|
||||||
|
// If the account doesn't have a header, the call succeeds anyway.
|
||||||
|
//
|
||||||
|
// ---
|
||||||
|
// tags:
|
||||||
|
// - accounts
|
||||||
|
//
|
||||||
|
// produces:
|
||||||
|
// - application/json
|
||||||
|
//
|
||||||
|
// security:
|
||||||
|
// - OAuth2 Bearer:
|
||||||
|
// - admin
|
||||||
|
//
|
||||||
|
// responses:
|
||||||
|
// '200':
|
||||||
|
// description: The updated account, including profile source information.
|
||||||
|
// schema:
|
||||||
|
// "$ref": "#/definitions/account"
|
||||||
|
// '400':
|
||||||
|
// description: bad request
|
||||||
|
// '401':
|
||||||
|
// description: unauthorized
|
||||||
|
// '403':
|
||||||
|
// description: forbidden
|
||||||
|
// '406':
|
||||||
|
// description: not acceptable
|
||||||
|
// '500':
|
||||||
|
// description: internal server error
|
||||||
|
func (m *Module) AccountHeaderDELETEHandler(c *gin.Context) {
|
||||||
|
m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteHeader)
|
||||||
|
}
|
||||||
|
|
||||||
|
// accountDeleteProfileAttachment checks that an authenticated account is present and allowed to alter itself,
|
||||||
|
// runs an attachment deletion processor method, and returns the updated account.
|
||||||
|
func (m *Module) accountDeleteProfileAttachment(c *gin.Context, processDelete func(context.Context, *gtsmodel.Account) (*apimodel.Account, gtserror.WithCode)) {
|
||||||
|
authed, err := oauth.Authed(c, true, true, true, true)
|
||||||
|
if err != nil {
|
||||||
|
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
|
||||||
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
acctSensitive, errWithCode := processDelete(c, authed.Account)
|
||||||
|
if errWithCode != nil {
|
||||||
|
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
apiutil.JSON(c, http.StatusOK, acctSensitive)
|
||||||
|
}
|
|
@ -0,0 +1,141 @@
|
||||||
|
// GoToSocial
|
||||||
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||||
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package accounts_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/stretchr/testify/suite"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
|
||||||
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/testrig"
|
||||||
|
)
|
||||||
|
|
||||||
|
type AccountProfileTestSuite struct {
|
||||||
|
AccountStandardTestSuite
|
||||||
|
}
|
||||||
|
|
||||||
|
func (suite *AccountProfileTestSuite) deleteProfileAttachment(
|
||||||
|
testAccountFixtureName string,
|
||||||
|
profileSubpath string,
|
||||||
|
handler func(*gin.Context),
|
||||||
|
expectedHTTPStatus int,
|
||||||
|
) (*apimodel.Account, error) {
|
||||||
|
// instantiate recorder + test context
|
||||||
|
recorder := httptest.NewRecorder()
|
||||||
|
ctx, _ := testrig.CreateGinTestContext(recorder, nil)
|
||||||
|
ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[testAccountFixtureName])
|
||||||
|
ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[testAccountFixtureName]))
|
||||||
|
ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
|
||||||
|
ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[testAccountFixtureName])
|
||||||
|
|
||||||
|
// create the request
|
||||||
|
ctx.Request = httptest.NewRequest(http.MethodDelete, config.GetProtocol()+"://"+config.GetHost()+"/api"+accounts.ProfileBasePath+"/"+profileSubpath, nil)
|
||||||
|
ctx.Request.Header.Set("accept", "application/json")
|
||||||
|
|
||||||
|
// trigger the handler
|
||||||
|
handler(ctx)
|
||||||
|
|
||||||
|
// read the response
|
||||||
|
result := recorder.Result()
|
||||||
|
defer result.Body.Close()
|
||||||
|
|
||||||
|
b, err := io.ReadAll(result.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// check code
|
||||||
|
if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
|
||||||
|
return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode)
|
||||||
|
}
|
||||||
|
|
||||||
|
resp := &apimodel.Account{}
|
||||||
|
if err := json.Unmarshal(b, resp); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return resp, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete the avatar of a user that has an avatar. Should succeed.
|
||||||
|
func (suite *AccountProfileTestSuite) TestDeleteAvatar() {
|
||||||
|
account, err := suite.deleteProfileAttachment(
|
||||||
|
"local_account_1",
|
||||||
|
"avatar",
|
||||||
|
suite.accountsModule.AccountAvatarDELETEHandler,
|
||||||
|
http.StatusOK,
|
||||||
|
)
|
||||||
|
if suite.NoError(err) {
|
||||||
|
// An empty URL is legal *only* in the test environment, which may have no default avatars.
|
||||||
|
suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete the avatar of a user that doesn't have an avatar. Should succeed.
|
||||||
|
func (suite *AccountProfileTestSuite) TestDeleteNonexistentAvatar() {
|
||||||
|
account, err := suite.deleteProfileAttachment(
|
||||||
|
"admin_account",
|
||||||
|
"avatar",
|
||||||
|
suite.accountsModule.AccountAvatarDELETEHandler,
|
||||||
|
http.StatusOK,
|
||||||
|
)
|
||||||
|
if suite.NoError(err) {
|
||||||
|
// An empty URL is legal *only* in the test environment, which may have no default avatars.
|
||||||
|
suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete the header of a user that has a header. Should succeed.
|
||||||
|
func (suite *AccountProfileTestSuite) TestDeleteHeader() {
|
||||||
|
account, err := suite.deleteProfileAttachment(
|
||||||
|
"local_account_2",
|
||||||
|
"header",
|
||||||
|
suite.accountsModule.AccountHeaderDELETEHandler,
|
||||||
|
http.StatusOK,
|
||||||
|
)
|
||||||
|
if suite.NoError(err) {
|
||||||
|
suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete the header of a user that doesn't have a header. Should succeed.
|
||||||
|
func (suite *AccountProfileTestSuite) TestDeleteNonexistentHeader() {
|
||||||
|
account, err := suite.deleteProfileAttachment(
|
||||||
|
"admin_account",
|
||||||
|
"header",
|
||||||
|
suite.accountsModule.AccountHeaderDELETEHandler,
|
||||||
|
http.StatusOK,
|
||||||
|
)
|
||||||
|
if suite.NoError(err) {
|
||||||
|
suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAccountProfileTestSuite(t *testing.T) {
|
||||||
|
suite.Run(t, new(AccountProfileTestSuite))
|
||||||
|
}
|
|
@ -0,0 +1,77 @@
|
||||||
|
// GoToSocial
|
||||||
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||||
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public License as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public License for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public License
|
||||||
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package media
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||||
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DeleteAvatar deletes the account's avatar, if one exists, and returns the updated account.
|
||||||
|
// If no avatar exists, it returns anyway with no error.
|
||||||
|
func (p *Processor) DeleteAvatar(
|
||||||
|
ctx context.Context,
|
||||||
|
account *gtsmodel.Account,
|
||||||
|
) (*apimodel.Account, gtserror.WithCode) {
|
||||||
|
attachmentID := account.AvatarMediaAttachmentID
|
||||||
|
account.AvatarMediaAttachmentID = ""
|
||||||
|
return p.deleteProfileAttachment(ctx, account, "avatar_media_attachment_id", attachmentID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeleteHeader deletes the account's header, if one exists, and returns the updated account.
|
||||||
|
// If no header exists, it returns anyway with no error.
|
||||||
|
func (p *Processor) DeleteHeader(
|
||||||
|
ctx context.Context,
|
||||||
|
account *gtsmodel.Account,
|
||||||
|
) (*apimodel.Account, gtserror.WithCode) {
|
||||||
|
attachmentID := account.HeaderMediaAttachmentID
|
||||||
|
account.HeaderMediaAttachmentID = ""
|
||||||
|
return p.deleteProfileAttachment(ctx, account, "header_media_attachment_id", attachmentID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// deleteProfileAttachment updates an attachment ID column and then deletes the attachment.
|
||||||
|
// Precondition: the relevant attachment ID field of the account model has already been set to the empty string.
|
||||||
|
func (p *Processor) deleteProfileAttachment(
|
||||||
|
ctx context.Context,
|
||||||
|
account *gtsmodel.Account,
|
||||||
|
attachmentIDColumn string,
|
||||||
|
attachmentID string,
|
||||||
|
) (*apimodel.Account, gtserror.WithCode) {
|
||||||
|
if attachmentID != "" {
|
||||||
|
// Remove attachment from account.
|
||||||
|
if err := p.state.DB.UpdateAccount(ctx, account, attachmentIDColumn); err != nil {
|
||||||
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account: %s", err))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Delete attachment media.
|
||||||
|
if err := p.Delete(ctx, attachmentID); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
acctSensitive, err := p.converter.AccountToAPIAccountSensitive(ctx, account)
|
||||||
|
if err != nil {
|
||||||
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not convert account into apisensitive account: %s", err))
|
||||||
|
}
|
||||||
|
|
||||||
|
return acctSensitive, nil
|
||||||
|
}
|
|
@ -119,7 +119,7 @@ func (c *Converter) ensureAvatar(account *apimodel.Account) {
|
||||||
account.AvatarStatic = avatar
|
account.AvatarStatic = avatar
|
||||||
}
|
}
|
||||||
|
|
||||||
// EnsureAvatar ensures that the given account has a value set
|
// ensureHeader ensures that the given account has a value set
|
||||||
// for the header URL.
|
// for the header URL.
|
||||||
//
|
//
|
||||||
// If no value is set, the default header will be set.
|
// If no value is set, the default header will be set.
|
||||||
|
|
Loading…
Reference in New Issue