Media upload for avatars and banners, more work, fix tests

2026-03-13 13:59:16 +01:00 · 2023-10-19 09:53:59 -10:00 · 2023-10-19 09:53:59 -10:00 · 460b68c381
commit 460b68c381
parent 16cfd5d900
17 changed files with 360 additions and 139 deletions
--- a/server/api/api/v1/accounts/update_credentials/index.ts
+++ b/server/api/api/v1/accounts/update_credentials/index.ts
@ -5,6 +5,7 @@ import { User } from "~database/entities/User";
 import { applyConfig } from "@api";
 import { sanitize } from "isomorphic-dompurify";
 import { sanitizeHtml } from "@sanitization";
+import { uploadFile } from "~classes/media";

 export const meta = applyConfig({
 	allowedMethods: ["PATCH"],
@ -145,7 +146,9 @@ export default async (req: Request): Promise<Response> => {
 			);
 		}

-		// TODO: Store the file somewhere and then change the user's actual avatar
+		const hash = await uploadFile(avatar, config);
+
+		user.avatar = hash || "";
 	}

 	if (header) {
@ -156,7 +159,10 @@ export default async (req: Request): Promise<Response> => {
 				422
 			);
 		}
-		// TODO: Store the file somewhere and then change the user's actual header
+
+		const hash = await uploadFile(header, config);
+
+		user.header = hash || "";
 	}

 	if (locked) {
--- a/server/api/api/v1/instance/index.ts
+++ b/server/api/api/v1/instance/index.ts
@ -48,6 +48,12 @@ export default async (): Promise<Response> => {
 				characters_reserved_per_url: 0,
 				max_characters: config.validation.max_note_size,
 				max_media_attachments: config.validation.max_media_attachments,
+				supported_mime_types: [
+					"text/plain",
+					"text/markdown",
+					"text/html",
+					"text/x.misskeymarkdown",
+				],
 			},
 		},
 		description: "A test instance",
@ -67,7 +73,43 @@ export default async (): Promise<Response> => {
 		urls: {
 			streaming_api: "",
 		},
-		version: "0.0.1",
+		version: "4.2.0+glitch (compatible; Lysand 0.0.1)",
 		max_toot_chars: config.validation.max_note_size,
+		pleroma: {
+			metadata: {
+				// account_activation_required: false,
+				features: [
+					"pleroma_api",
+					"akkoma_api",
+					"mastodon_api",
+					// "mastodon_api_streaming",
+					// "polls",
+					// "v2_suggestions",
+					// "pleroma_explicit_addressing",
+					// "shareable_emoji_packs",
+					// "multifetch",
+					// "pleroma:api/v1/notifications:include_types_filter",
+					"quote_posting",
+					"editing",
+					// "bubble_timeline",
+					// "relay",
+					// "pleroma_emoji_reactions",
+					// "exposable_reactions",
+					// "profile_directory",
+					// "custom_emoji_reactions",
+					// "pleroma:get:main/ostatus",
+				],
+				post_formats: [
+					"text/plain",
+					"text/html",
+					"text/markdown",
+					"text/x.misskeymarkdown",
+				],
+				privileged_staff: false,
+			},
+			stats: {
+				mau: 2,
+			},
+		},
 	});
 };
--- a/server/api/api/v1/statuses/[id]/index.ts
+++ b/server/api/api/v1/statuses/[id]/index.ts
@ -30,8 +30,6 @@ export default async (

 	const { user } = await User.getFromRequest(req);

-	// TODO: Add checks for user's permissions to view this status
-
 	let foundStatus: RawObject | null;
 	try {
 		foundStatus = await RawObject.findOneBy({
@ -43,6 +41,14 @@ export default async (

 	if (!foundStatus) return errorResponse("Record not found", 404);

+	// Check if user is authorized to view this status (if it's private)
+	if (
+		(await foundStatus.toAPI()).visibility === "private" &&
+		(await foundStatus.toAPI()).account.id !== user?.id
+	) {
+		return errorResponse("Record not found", 404);
+	}
+
 	if (req.method === "GET") {
 		return jsonResponse(await foundStatus.toAPI());
 	} else if (req.method === "DELETE") {
--- a/server/api/api/v1/statuses/index.ts
+++ b/server/api/api/v1/statuses/index.ts
@ -8,6 +8,7 @@ import { errorResponse, jsonResponse } from "@response";
 import { sanitizeHtml } from "@sanitization";
 import { APActor } from "activitypub-types";
 import { sanitize } from "isomorphic-dompurify";
+import { parse } from "marked";
 import { Application } from "~database/entities/Application";
 import { RawObject } from "~database/entities/RawObject";
 import { Status } from "~database/entities/Status";
@ -50,6 +51,7 @@ export default async (req: Request): Promise<Response> => {
 		sensitive,
 		spoiler_text,
 		visibility,
+		content_type,
 	} = await parseRequest<{
 		status: string;
 		media_ids?: string[];
@ -67,14 +69,22 @@ export default async (req: Request): Promise<Response> => {
 		content_type?: string;
 	}>(req);

-	// TODO: Parse Markdown statuses
-
 	// Validate status
 	if (!status) {
 		return errorResponse("Status is required", 422);
 	}

-	const sanitizedStatus = await sanitizeHtml(status);
+	let sanitizedStatus: string;
+
+	if (content_type === "text/markdown") {
+		sanitizedStatus = await sanitizeHtml(parse(status));
+	} else if (content_type === "text/x.misskeymarkdown") {
+		// Parse as MFM
+		// TODO: Parse as MFM
+		sanitizedStatus = await sanitizeHtml(parse(status));
+	} else {
+		sanitizedStatus = await sanitizeHtml(status);
+	}

 	if (sanitizedStatus.length > config.validation.max_note_size) {
 		return errorResponse(