Make public timelines API not require user context/app credentials (#…

…1291)

* Make /api/v1/timelines/public and /api/v1/timelines/tag/:id public
Fix #1156 - respect query params when generating pagination links in API

* Apply pagination fix to more APIs

app/controllers/api/v1/accounts_controller.rb

@@ -20,10 +20,8 @@ def following
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.target_account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = following_api_v1_account_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = following_api_v1_account_url(since_id: results.first.id) unless results.empty?
+    next_path = following_api_v1_account_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = following_api_v1_account_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -35,10 +33,8 @@ def followers
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = followers_api_v1_account_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = followers_api_v1_account_url(since_id: results.first.id) unless results.empty?
+    next_path = followers_api_v1_account_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = followers_api_v1_account_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -52,11 +48,9 @@ def statuses
     @statuses = cache_collection(@statuses, Status)
 
     set_maps(@statuses)
-    # set_counters_maps(@statuses)
-    # set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = statuses_api_v1_account_url(max_id: @statuses.last.id)    unless @statuses.empty?
-    prev_path = statuses_api_v1_account_url(since_id: @statuses.first.id) unless @statuses.empty?
+    next_path = statuses_api_v1_account_url(statuses_pagination_params(max_id: @statuses.last.id))    unless @statuses.empty?
+    prev_path = statuses_api_v1_account_url(statuses_pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
@@ -117,8 +111,6 @@ def relationships
   def search
     @accounts = AccountSearchService.new.call(params[:q], limit_param(DEFAULT_ACCOUNTS_LIMIT), params[:resolve] == 'true', current_account)
 
-    # set_account_counters_maps(@accounts) unless @accounts.nil?
-
     render action: :index
   end
 
@@ -135,4 +127,12 @@ def set_relationship
     @muting      = Account.muting_map([@account.id], current_user.account_id)
     @requested   = Account.requested_map([@account.id], current_user.account_id)
   end
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
+
+  def statuses_pagination_params(core_params)
+    params.permit(:limit, :only_media, :exclude_replies).merge(core_params)
+  end
 end

app/controllers/api/v1/blocks_controller.rb

@@ -11,11 +11,15 @@ def index
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.target_account_id] }.compact
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = api_v1_blocks_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = api_v1_blocks_url(since_id: results.first.id) unless results.empty?
+    next_path = api_v1_blocks_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = api_v1_blocks_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
+
+  private
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/favourites_controller.rb

@@ -11,11 +11,16 @@ def index
     @statuses = cache_collection(Status.where(id: results.map(&:status_id)), Status)
 
     set_maps(@statuses)
-    # set_counters_maps(@statuses)
 
-    next_path = api_v1_favourites_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_STATUSES_LIMIT)
-    prev_path = api_v1_favourites_url(since_id: results.first.id) unless results.empty?
+    next_path = api_v1_favourites_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_STATUSES_LIMIT)
+    prev_path = api_v1_favourites_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
+
+  private
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/follow_requests_controller.rb

@@ -9,10 +9,8 @@ def index
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = api_v1_follow_requests_url(max_id: results.last.id)    if results.size == DEFAULT_ACCOUNTS_LIMIT
-    prev_path = api_v1_follow_requests_url(since_id: results.first.id) unless results.empty?
+    next_path = api_v1_follow_requests_url(pagination_params(max_id: results.last.id))    if results.size == DEFAULT_ACCOUNTS_LIMIT
+    prev_path = api_v1_follow_requests_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
@@ -26,4 +24,10 @@ def reject
     RejectFollowService.new.call(Account.find(params[:id]), current_account)
     render_empty
   end
+
+  private
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/mutes_controller.rb

@@ -11,11 +11,15 @@ def index
     accounts  = Account.where(id: results.map(&:target_account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.target_account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = api_v1_mutes_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = api_v1_mutes_url(since_id: results.first.id) unless results.empty?
+    next_path = api_v1_mutes_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = api_v1_mutes_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
+
+  private
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/notifications_controller.rb

@@ -14,11 +14,9 @@ def index
     statuses       = @notifications.select { |n| !n.target_status.nil? }.map(&:target_status)
 
     set_maps(statuses)
-    # set_counters_maps(statuses)
-    # set_account_counters_maps(@notifications.map(&:from_account))
 
-    next_path = api_v1_notifications_url(max_id: @notifications.last.id)    unless @notifications.empty?
-    prev_path = api_v1_notifications_url(since_id: @notifications.first.id) unless @notifications.empty?
+    next_path = api_v1_notifications_url(pagination_params(max_id: @notifications.last.id))    unless @notifications.empty?
+    prev_path = api_v1_notifications_url(pagination_params(since_id: @notifications.first.id)) unless @notifications.empty?
 
     set_pagination_headers(next_path, prev_path)
   end
@@ -31,4 +29,10 @@ def clear
     Notification.where(account: current_account).delete_all
     render_empty
   end
+
+  private
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/statuses_controller.rb

@@ -23,7 +23,6 @@ def context
     statuses = [@status] + @context[:ancestors] + @context[:descendants]
 
     set_maps(statuses)
-    # set_counters_maps(statuses)
   end
 
   def card
@@ -36,10 +35,8 @@ def reblogged_by
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |r| accounts[r.account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = reblogged_by_api_v1_status_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = reblogged_by_api_v1_status_url(since_id: results.first.id) unless results.empty?
+    next_path = reblogged_by_api_v1_status_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = reblogged_by_api_v1_status_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -51,10 +48,8 @@ def favourited_by
     accounts  = Account.where(id: results.map(&:account_id)).map { |a| [a.id, a] }.to_h
     @accounts = results.map { |f| accounts[f.account_id] }
 
-    # set_account_counters_maps(@accounts)
-
-    next_path = favourited_by_api_v1_status_url(max_id: results.last.id)    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
-    prev_path = favourited_by_api_v1_status_url(since_id: results.first.id) unless results.empty?
+    next_path = favourited_by_api_v1_status_url(pagination_params(max_id: results.last.id))    if results.size == limit_param(DEFAULT_ACCOUNTS_LIMIT)
+    prev_path = favourited_by_api_v1_status_url(pagination_params(since_id: results.first.id)) unless results.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -115,4 +110,8 @@ def set_status
   def status_params
     params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, media_ids: [])
   end
+
+  def pagination_params(core_params)
+    params.permit(:limit).merge(core_params)
+  end
 end

app/controllers/api/v1/timelines_controller.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 class Api::V1::TimelinesController < ApiController
-  before_action -> { doorkeeper_authorize! :read }
-  before_action :require_user!, only: [:home, :mentions]
+  before_action -> { doorkeeper_authorize! :read }, only: [:home]
+  before_action :require_user!, only: [:home]
 
   respond_to :json
 
@@ -11,11 +11,9 @@ def home
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
-    # set_counters_maps(@statuses)
-    # set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_home_timeline_url(max_id: @statuses.last.id)    unless @statuses.empty?
-    prev_path = api_v1_home_timeline_url(since_id: @statuses.first.id) unless @statuses.empty?
+    next_path = api_v1_home_timeline_url(pagination_params(max_id: @statuses.last.id))    unless @statuses.empty?
+    prev_path = api_v1_home_timeline_url(pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -27,11 +25,9 @@ def public
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
-    # set_counters_maps(@statuses)
-    # set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_public_timeline_url(max_id: @statuses.last.id)    unless @statuses.empty?
-    prev_path = api_v1_public_timeline_url(since_id: @statuses.first.id) unless @statuses.empty?
+    next_path = api_v1_public_timeline_url(pagination_params(max_id: @statuses.last.id))    unless @statuses.empty?
+    prev_path = api_v1_public_timeline_url(pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -44,11 +40,9 @@ def tag
     @statuses = cache_collection(@statuses)
 
     set_maps(@statuses)
-    # set_counters_maps(@statuses)
-    # set_account_counters_maps(@statuses.flat_map { |s| [s.account, s.reblog? ? s.reblog.account : nil] }.compact.uniq)
 
-    next_path = api_v1_hashtag_timeline_url(params[:id], max_id: @statuses.last.id)    unless @statuses.empty?
-    prev_path = api_v1_hashtag_timeline_url(params[:id], since_id: @statuses.first.id) unless @statuses.empty?
+    next_path = api_v1_hashtag_timeline_url(params[:id], pagination_params(max_id: @statuses.last.id))    unless @statuses.empty?
+    prev_path = api_v1_hashtag_timeline_url(params[:id], pagination_params(since_id: @statuses.first.id)) unless @statuses.empty?
 
     set_pagination_headers(next_path, prev_path)
 
@@ -60,4 +54,8 @@ def tag
   def cache_collection(raw)
     super(raw, Status)
   end
+
+  def pagination_params(core_params)
+    params.permit(:local, :limit).merge(core_params)
+  end
 end