20 Commits (754baf00c01e0f682ec5fcdd024e46d6d48d1502)

Author SHA1 Message Date
Claire 502cf75b16
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
7 months ago
Matt Jankowski 65e82211cd
Rename `cache_*` methods to `preload_*` in controller concern (#30209) 8 months ago
Matt Jankowski 7e1a77ea51
Add base class for `api/v1/timelines/*` controllers (#27840) 1 year ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2 years ago
Eugen Rochko 0cd0786aef
Revert filtering public timelines by locale by default (#20294) 2 years ago
Eugen Rochko 9f65909f42
Change public timelines to be filtered by current locale by default (#19291)
In the absence of an opt-in to multiple specific languages in the
preferences, it makes more sense to filter by the user's presumed
language only (interface language or `lang` override)
2 years ago
Eugen Rochko e8bc187845
Refactor how public and tag timelines are queried (#14728) 4 years ago
Akihiko Odaki 64ef37b89d
Introduce ApplicationController#cache_collection_paginated_by_id (#14677)
* Replace incorrect use of distinct with group

Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.

ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4c.

* Introduce ApplicationController#cache_collection_paginated_by_id

ApplicationController#cache_collection_paginated_by_id fuses
ApplicationController#cache_collection and Paginable.paginate_by_id.

An advantage of this method is that it prevents modifying the scope which
Paginable.paginate_by_id may provide.
ApplicationController#cache_collection always returns an array and there
is no possibility of the scope modification. It is also clear for a
programmer, considering the implication of "cache".

This method can also emit more efficient queries by using
Cacheable.cache_ids before calling Paginable.paginate_by_id.
4 years ago
Akihiko Odaki e26e7a1cb5
Replace incorrect use of distinct with group (#14675)
Some uses of ActiveRecord::QueryMethods#distinct pass field names but they
are incorrect for the current version of Rails.

ActiveRecord::QueryMethods#group provides the expected behavior and
benefits performance. See commit 6da24aad4c.
4 years ago
Takeshi Umeda 26b08a3c54
Add remote only to public timeline (#13504)
* Add remote only to public timeline

* Fix code style
5 years ago
Eugen Rochko 0ae5c6312f
Remove useless `respond_to` calls (#13208) 5 years ago
ThibG 225edac118
Change /api/v1/timelines/public to require auth when public preview is off (#11802)
Fixes #11289
5 years ago
Eugen Rochko f0fff3eb10
Support min_id-based pagination in REST API (#8736)
* Allow min_id pagination in Feed#get

* Add min_id pagination to home and list timeline APIs

* Add min_id pagination to account statuses, public and tag APIs

* Remove unused stub in reports API

* Use min_id pagination in notifications, favourites, and fix order

* Fix HomeFeed#from_database not using paginate_by_id
6 years ago
Eugen Rochko 33513753b9
Fix unpermitted parameters warning when generating pagination URLs (#6995) 7 years ago
Eugen Rochko 68218d97c8
Add only_media param to public and hashtag timelines API (#6576) 7 years ago
Eugen Rochko fce8464077
Ensure that boolean params in the API are parsed for truthiness (#6575)
Use Rails smart boolean cast to account for values such as "f",
"0", "false", etc. Previously, if a param was present in the request,
it would count as true.
7 years ago
Eugen Rochko 8b2cad5637
Refactor JSON templates to be generated with ActiveModelSerializers instead of Rabl (#4090) 8 years ago
Matt Jankowski 73540ffe6b
Clean up for api/base controller (#3629)
* Move ApiController to Api/BaseController

* API controllers inherit from Api::BaseController

* Add coverage for various error cases in api/base controller
8 years ago
Matt Jankowski d6774d2ca3
Refactor and spec coverage for api/v1/timelines actions (#3482) 8 years ago
Matt Jankowski 4289ed1d13
Refactor of API timeline actions (#3263)
- Increase coverage to exercise all parts of each action
- Move into namespace to share common code
- Misc refactor of each action for smaller methods, simpler code
8 years ago