OpenAPI: TwitterAPI Util Controller

lib/pleroma/web/api_spec/operations/twitter_util_operation.ex

@@ -0,0 +1,219 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
+  alias Pleroma.Web.ApiSpec.Schemas.BooleanLike
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def emoji_operation do
+    %Operation{
+      tags: ["Emojis"],
+      summary: "List all custom emojis",
+      operationId: "UtilController.emoji",
+      parameters: [],
+      responses: %{
+        200 =>
+          Operation.response("List", "application/json", %Schema{
+            type: :object,
+            additionalProperties: %Schema{
+              type: :object,
+              properties: %{
+                image_url: %Schema{type: :string},
+                tags: %Schema{type: :array, items: %Schema{type: :string}}
+              }
+            },
+            example: %{
+              "firefox" => %{
+                "image_url" => "/emoji/firefox.png",
+                "tag" => ["Fun"]
+              }
+            }
+          })
+      }
+    }
+  end
+
+  def frontend_configurations_operation do
+    %Operation{
+      tags: ["Configuration"],
+      summary: "Dump frontend configurations",
+      operationId: "UtilController.frontend_configurations",
+      parameters: [],
+      responses: %{
+        200 =>
+          Operation.response("List", "application/json", %Schema{
+            type: :object,
+            additionalProperties: %Schema{type: :object}
+          })
+      }
+    }
+  end
+
+  def change_password_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Change account password",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.change_password",
+      parameters: [
+        Operation.parameter(:password, :query, :string, "Current password", required: true),
+        Operation.parameter(:new_password, :query, :string, "New password", required: true),
+        Operation.parameter(
+          :new_password_confirmation,
+          :query,
+          :string,
+          "New password, confirmation",
+          required: true
+        )
+      ],
+      responses: %{
+        200 =>
+          Operation.response("Success", "application/json", %Schema{
+            type: :object,
+            properties: %{status: %Schema{type: :string, example: "success"}}
+          }),
+        400 => Operation.response("Error", "application/json", ApiError),
+        403 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def change_email_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Change account email",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.change_email",
+      parameters: [
+        Operation.parameter(:password, :query, :string, "Current password", required: true),
+        Operation.parameter(:email, :query, :string, "New email", required: true)
+      ],
+      requestBody: nil,
+      responses: %{
+        200 =>
+          Operation.response("Success", "application/json", %Schema{
+            type: :object,
+            properties: %{status: %Schema{type: :string, example: "success"}}
+          }),
+        400 => Operation.response("Error", "application/json", ApiError),
+        403 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def update_notificaton_settings_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Update Notification Settings",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.update_notificaton_settings",
+      parameters: [
+        Operation.parameter(
+          :block_from_strangers,
+          :query,
+          BooleanLike,
+          "blocks notifications from accounts you do not follow"
+        ),
+        Operation.parameter(
+          :hide_notification_contents,
+          :query,
+          BooleanLike,
+          "removes the contents of a message from the push notification"
+        )
+      ],
+      requestBody: nil,
+      responses: %{
+        200 =>
+          Operation.response("Success", "application/json", %Schema{
+            type: :object,
+            properties: %{status: %Schema{type: :string, example: "success"}}
+          }),
+        400 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def disable_account_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Disable Account",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.disable_account",
+      parameters: [
+        Operation.parameter(:password, :query, :string, "Password")
+      ],
+      responses: %{
+        200 =>
+          Operation.response("Success", "application/json", %Schema{
+            type: :object,
+            properties: %{status: %Schema{type: :string, example: "success"}}
+          }),
+        403 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def delete_account_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Delete Account",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.delete_account",
+      parameters: [
+        Operation.parameter(:password, :query, :string, "Password")
+      ],
+      responses: %{
+        200 =>
+          Operation.response("Success", "application/json", %Schema{
+            type: :object,
+            properties: %{status: %Schema{type: :string, example: "success"}}
+          }),
+        403 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def captcha_operation do
+    %Operation{
+      summary: "Get a captcha",
+      operationId: "UtilController.captcha",
+      parameters: [],
+      responses: %{
+        200 => Operation.response("Success", "application/json", %Schema{type: :object})
+      }
+    }
+  end
+
+  def healthcheck_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Disable Account",
+      security: [%{"oAuth" => ["write:accounts"]}],
+      operationId: "UtilController.healthcheck",
+      parameters: [],
+      responses: %{
+        200 => Operation.response("Healthy", "application/json", %Schema{type: :object}),
+        503 =>
+          Operation.response("Disabled or Unhealthy", "application/json", %Schema{type: :object})
+      }
+    }
+  end
+
+  def remote_subscribe_operation do
+    %Operation{
+      tags: ["Accounts"],
+      summary: "Remote Subscribe",
+      operationId: "UtilController.remote_subscribe",
+      parameters: [],
+      responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})}
+    }
+  end
+end

lib/pleroma/web/twitter_api/controllers/util_controller.ex

@@ -15,6 +15,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
   alias Pleroma.Web.Plugs.OAuthScopesPlug
   alias Pleroma.Web.WebFinger
 
+  plug(Pleroma.Web.ApiSpec.CastAndValidate when action != :remote_subscribe)
   plug(Pleroma.Web.Plugs.FederatingPlug when action == :remote_subscribe)
 
   plug(
@@ -29,6 +30,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
          ]
   )
 
+  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.TwitterUtilOperation
 
   def remote_subscribe(conn, %{"nickname" => nick, "profile" => _}) do
     with %User{} = user <- User.get_cached_by_nickname(nick),
@@ -79,13 +81,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
     end
   end
 
-  def change_password(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+  def change_password(%{assigns: %{user: user}} = conn, %{
+        password: password,
+        new_password: new_password,
+        new_password_confirmation: new_password_confirmation
+      }) do
+    case CommonAPI.Utils.confirm_current_password(user, password) do
       {:ok, user} ->
         with {:ok, _user} <-
                User.reset_password(user, %{
-                 password: params["new_password"],
-                 password_confirmation: params["new_password_confirmation"]
+                 password: new_password,
+                 password_confirmation: new_password_confirmation
                }) do
           json(conn, %{status: "success"})
         else
@@ -102,10 +108,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
     end
   end
 
-  def change_email(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+  def change_email(%{assigns: %{user: user}} = conn, %{password: password, email: email}) do
+    case CommonAPI.Utils.confirm_current_password(user, password) do
       {:ok, user} ->
-        with {:ok, _user} <- User.change_email(user, params["email"]) do
+        with {:ok, _user} <- User.change_email(user, email) do
           json(conn, %{status: "success"})
         else
           {:error, changeset} ->
@@ -122,7 +128,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
   end
 
   def delete_account(%{assigns: %{user: user}} = conn, params) do
-    password = params["password"] || ""
+    password = params[:password] || ""
 
     case CommonAPI.Utils.confirm_current_password(user, password) do
       {:ok, user} ->
@@ -135,7 +141,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
   end
 
   def disable_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+    case CommonAPI.Utils.confirm_current_password(user, params[:password]) do
       {:ok, user} ->
         User.set_activation_async(user, false)
         json(conn, %{status: "success"})