[feature] Implement profile API (#2926)

* Implement profile API

This Mastodon 4.2 extension provides capabilities missing from the existing Mastodon account update API: deleting an account's avatar or header.

See: https://docs.joinmastodon.org/methods/profile/

* Move profile media methods to media processor

* Remove check for moved account
This commit is contained in:
Vyr Cossont 2024-05-29 03:57:44 -07:00 committed by GitHub
parent f9a4a6120d
commit 975e92b7f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 405 additions and 1 deletions

View file

@ -7276,6 +7276,60 @@ paths:
summary: Return an object of user preferences.
tags:
- preferences
/api/v1/profile/avatar:
delete:
description: If the account doesn't have an avatar, the call succeeds anyway.
operationId: accountAvatarDelete
produces:
- application/json
responses:
"200":
description: The updated account, including profile source information.
schema:
$ref: '#/definitions/account'
"400":
description: bad request
"401":
description: unauthorized
"403":
description: forbidden
"406":
description: not acceptable
"500":
description: internal server error
security:
- OAuth2 Bearer:
- admin
summary: Delete the authenticated account's avatar.
tags:
- accounts
/api/v1/profile/header:
delete:
description: If the account doesn't have a header, the call succeeds anyway.
operationId: accountHeaderDelete
produces:
- application/json
responses:
"200":
description: The updated account, including profile source information.
schema:
$ref: '#/definitions/account'
"400":
description: bad request
"401":
description: unauthorized
"403":
description: forbidden
"406":
description: not acceptable
"500":
description: internal server error
security:
- OAuth2 Bearer:
- admin
summary: Delete the authenticated account's header.
tags:
- accounts
/api/v1/reports:
get:
description: |-

View file

@ -56,6 +56,11 @@
MovePath = BasePath + "/move"
AliasPath = BasePath + "/alias"
ThemesPath = BasePath + "/themes"
// ProfileBasePath for the profile API, an extension of the account update API with a different path.
ProfileBasePath = "/v1/profile"
AvatarPath = ProfileBasePath + "/avatar"
HeaderPath = ProfileBasePath + "/header"
)
type Module struct {
@ -84,6 +89,10 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
// modify account
attachHandler(http.MethodPatch, UpdatePath, m.AccountUpdateCredentialsPATCHHandler)
// modify account profile media
attachHandler(http.MethodDelete, AvatarPath, m.AccountAvatarDELETEHandler)
attachHandler(http.MethodDelete, HeaderPath, m.AccountHeaderDELETEHandler)
// get account's statuses
attachHandler(http.MethodGet, StatusesPath, m.AccountStatusesGETHandler)

View file

@ -0,0 +1,123 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package accounts
import (
"context"
"net/http"
"github.com/gin-gonic/gin"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/oauth"
)
// AccountAvatarDELETEHandler swagger:operation DELETE /api/v1/profile/avatar accountAvatarDelete
//
// Delete the authenticated account's avatar.
// If the account doesn't have an avatar, the call succeeds anyway.
//
// ---
// tags:
// - accounts
//
// produces:
// - application/json
//
// security:
// - OAuth2 Bearer:
// - admin
//
// responses:
// '200':
// description: The updated account, including profile source information.
// schema:
// "$ref": "#/definitions/account"
// '400':
// description: bad request
// '401':
// description: unauthorized
// '403':
// description: forbidden
// '406':
// description: not acceptable
// '500':
// description: internal server error
func (m *Module) AccountAvatarDELETEHandler(c *gin.Context) {
m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteAvatar)
}
// AccountHeaderDELETEHandler swagger:operation DELETE /api/v1/profile/header accountHeaderDelete
//
// Delete the authenticated account's header.
// If the account doesn't have a header, the call succeeds anyway.
//
// ---
// tags:
// - accounts
//
// produces:
// - application/json
//
// security:
// - OAuth2 Bearer:
// - admin
//
// responses:
// '200':
// description: The updated account, including profile source information.
// schema:
// "$ref": "#/definitions/account"
// '400':
// description: bad request
// '401':
// description: unauthorized
// '403':
// description: forbidden
// '406':
// description: not acceptable
// '500':
// description: internal server error
func (m *Module) AccountHeaderDELETEHandler(c *gin.Context) {
m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteHeader)
}
// accountDeleteProfileAttachment checks that an authenticated account is present and allowed to alter itself,
// runs an attachment deletion processor method, and returns the updated account.
func (m *Module) accountDeleteProfileAttachment(c *gin.Context, processDelete func(context.Context, *gtsmodel.Account) (*apimodel.Account, gtserror.WithCode)) {
authed, err := oauth.Authed(c, true, true, true, true)
if err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
return
}
if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
return
}
acctSensitive, errWithCode := processDelete(c, authed.Account)
if errWithCode != nil {
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
apiutil.JSON(c, http.StatusOK, acctSensitive)
}

View file

@ -0,0 +1,141 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package accounts_test
import (
"encoding/json"
"fmt"
"io"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/oauth"
"github.com/superseriousbusiness/gotosocial/testrig"
)
type AccountProfileTestSuite struct {
AccountStandardTestSuite
}
func (suite *AccountProfileTestSuite) deleteProfileAttachment(
testAccountFixtureName string,
profileSubpath string,
handler func(*gin.Context),
expectedHTTPStatus int,
) (*apimodel.Account, error) {
// instantiate recorder + test context
recorder := httptest.NewRecorder()
ctx, _ := testrig.CreateGinTestContext(recorder, nil)
ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[testAccountFixtureName])
ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[testAccountFixtureName]))
ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[testAccountFixtureName])
// create the request
ctx.Request = httptest.NewRequest(http.MethodDelete, config.GetProtocol()+"://"+config.GetHost()+"/api"+accounts.ProfileBasePath+"/"+profileSubpath, nil)
ctx.Request.Header.Set("accept", "application/json")
// trigger the handler
handler(ctx)
// read the response
result := recorder.Result()
defer result.Body.Close()
b, err := io.ReadAll(result.Body)
if err != nil {
return nil, err
}
// check code
if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode)
}
resp := &apimodel.Account{}
if err := json.Unmarshal(b, resp); err != nil {
return nil, err
}
return resp, nil
}
// Delete the avatar of a user that has an avatar. Should succeed.
func (suite *AccountProfileTestSuite) TestDeleteAvatar() {
account, err := suite.deleteProfileAttachment(
"local_account_1",
"avatar",
suite.accountsModule.AccountAvatarDELETEHandler,
http.StatusOK,
)
if suite.NoError(err) {
// An empty URL is legal *only* in the test environment, which may have no default avatars.
suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
}
}
// Delete the avatar of a user that doesn't have an avatar. Should succeed.
func (suite *AccountProfileTestSuite) TestDeleteNonexistentAvatar() {
account, err := suite.deleteProfileAttachment(
"admin_account",
"avatar",
suite.accountsModule.AccountAvatarDELETEHandler,
http.StatusOK,
)
if suite.NoError(err) {
// An empty URL is legal *only* in the test environment, which may have no default avatars.
suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
}
}
// Delete the header of a user that has a header. Should succeed.
func (suite *AccountProfileTestSuite) TestDeleteHeader() {
account, err := suite.deleteProfileAttachment(
"local_account_2",
"header",
suite.accountsModule.AccountHeaderDELETEHandler,
http.StatusOK,
)
if suite.NoError(err) {
suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
}
}
// Delete the header of a user that doesn't have a header. Should succeed.
func (suite *AccountProfileTestSuite) TestDeleteNonexistentHeader() {
account, err := suite.deleteProfileAttachment(
"admin_account",
"header",
suite.accountsModule.AccountHeaderDELETEHandler,
http.StatusOK,
)
if suite.NoError(err) {
suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
}
}
func TestAccountProfileTestSuite(t *testing.T) {
suite.Run(t, new(AccountProfileTestSuite))
}

View file

@ -0,0 +1,77 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package media
import (
"context"
"fmt"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
)
// DeleteAvatar deletes the account's avatar, if one exists, and returns the updated account.
// If no avatar exists, it returns anyway with no error.
func (p *Processor) DeleteAvatar(
ctx context.Context,
account *gtsmodel.Account,
) (*apimodel.Account, gtserror.WithCode) {
attachmentID := account.AvatarMediaAttachmentID
account.AvatarMediaAttachmentID = ""
return p.deleteProfileAttachment(ctx, account, "avatar_media_attachment_id", attachmentID)
}
// DeleteHeader deletes the account's header, if one exists, and returns the updated account.
// If no header exists, it returns anyway with no error.
func (p *Processor) DeleteHeader(
ctx context.Context,
account *gtsmodel.Account,
) (*apimodel.Account, gtserror.WithCode) {
attachmentID := account.HeaderMediaAttachmentID
account.HeaderMediaAttachmentID = ""
return p.deleteProfileAttachment(ctx, account, "header_media_attachment_id", attachmentID)
}
// deleteProfileAttachment updates an attachment ID column and then deletes the attachment.
// Precondition: the relevant attachment ID field of the account model has already been set to the empty string.
func (p *Processor) deleteProfileAttachment(
ctx context.Context,
account *gtsmodel.Account,
attachmentIDColumn string,
attachmentID string,
) (*apimodel.Account, gtserror.WithCode) {
if attachmentID != "" {
// Remove attachment from account.
if err := p.state.DB.UpdateAccount(ctx, account, attachmentIDColumn); err != nil {
return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account: %s", err))
}
// Delete attachment media.
if err := p.Delete(ctx, attachmentID); err != nil {
return nil, err
}
}
acctSensitive, err := p.converter.AccountToAPIAccountSensitive(ctx, account)
if err != nil {
return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not convert account into apisensitive account: %s", err))
}
return acctSensitive, nil
}

View file

@ -119,7 +119,7 @@ func (c *Converter) ensureAvatar(account *apimodel.Account) {
account.AvatarStatic = avatar
}
// EnsureAvatar ensures that the given account has a value set
// ensureHeader ensures that the given account has a value set
// for the header URL.
//
// If no value is set, the default header will be set.