[feature] Client API endpoints + v. basic web view for pinned posts (#…

…1547)

* implement status pin client api + web handler

* make test names + comments more descriptive

* don't use separate table for status pins

* remove unused add + remove checking

* tidy up + add some more tests

docs/api/swagger.yaml

@@ -5096,6 +5096,45 @@ paths:
             summary: View accounts that have faved/starred/liked the target status.
             tags:
                 - statuses
+    /api/v1/statuses/{id}/pin:
+        post:
+            description: |-
+                You can only pin original posts (not reblogs) that you authored yourself.
+
+                Supported privacy levels for pinned posts are public, unlisted, and private/followers-only,
+                but only public posts will appear on the web version of your profile.
+            operationId: statusPin
+            parameters:
+                - description: Target status ID.
+                  in: path
+                  name: id
+                  required: true
+                  type: string
+            produces:
+                - application/json
+            responses:
+                "200":
+                    description: The status.
+                    schema:
+                        $ref: '#/definitions/status'
+                "400":
+                    description: bad request
+                "401":
+                    description: unauthorized
+                "403":
+                    description: forbidden
+                "404":
+                    description: not found
+                "406":
+                    description: not acceptable
+                "500":
+                    description: internal server error
+            security:
+                - OAuth2 Bearer:
+                    - write:accounts
+            summary: Pin a status to the top of your profile, and add it to your Featured ActivityPub collection.
+            tags:
+                - statuses
     /api/v1/statuses/{id}/reblog:
         post:
             description: |-
@@ -5233,6 +5272,40 @@ paths:
             summary: Unstar/unlike/unfavourite the given status.
             tags:
                 - statuses
+    /api/v1/statuses/{id}/unpin:
+        post:
+            operationId: statusUnpin
+            parameters:
+                - description: Target status ID.
+                  in: path
+                  name: id
+                  required: true
+                  type: string
+            produces:
+                - application/json
+            responses:
+                "200":
+                    description: The status.
+                    schema:
+                        $ref: '#/definitions/status'
+                "400":
+                    description: bad request
+                "401":
+                    description: unauthorized
+                "403":
+                    description: forbidden
+                "404":
+                    description: not found
+                "406":
+                    description: not acceptable
+                "500":
+                    description: internal server error
+            security:
+                - OAuth2 Bearer:
+                    - write:accounts
+            summary: Unpin one of your pinned statuses.
+            tags:
+                - statuses
     /api/v1/statuses/{id}/unreblog:
         post:
             operationId: statusUnreblog

internal/api/activitypub/users/inboxpost_test.go

@@ -481,7 +481,7 @@ func (suite *InboxPostTestSuite) TestPostDelete() {
 	}
 
 	// no statuses from foss satan should be left in the database
-	dbStatuses, err := suite.db.GetAccountStatuses(ctx, deletedAccount.ID, 0, false, false, "", "", false, false, false)
+	dbStatuses, err := suite.db.GetAccountStatuses(ctx, deletedAccount.ID, 0, false, false, "", "", false, false)
 	suite.ErrorIs(err, db.ErrNoEntries)
 	suite.Empty(dbStatuses)
 

internal/api/client/accounts/statuses_test.go

@@ -27,10 +27,10 @@ import (
 	"testing"
 
 	"github.com/gin-gonic/gin"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 type AccountStatusesTestSuite struct {
@@ -62,7 +62,7 @@ func (suite *AccountStatusesTestSuite) TestGetStatusesPublicOnly() {
 
 	// check the response
 	b, err := ioutil.ReadAll(result.Body)
-	assert.NoError(suite.T(), err)
+	suite.NoError(err)
 
 	// unmarshal the returned statuses
 	apimodelStatuses := []*apimodel.Status{}
@@ -74,7 +74,7 @@ func (suite *AccountStatusesTestSuite) TestGetStatusesPublicOnly() {
 		suite.Equal(apimodel.VisibilityPublic, s.Visibility)
 	}
 
-	suite.Equal(`<http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&max_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned_only=false&only_media=false&only_public=true>; rel="next", <http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&min_id=01G36SF3V6Y6V5BF9P4R7PQG7G&exclude_replies=false&exclude_reblogs=false&pinned_only=false&only_media=false&only_public=true>; rel="prev"`, result.Header.Get("link"))
+	suite.Equal(`<http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&max_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned=false&only_media=false&only_public=true>; rel="next", <http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&min_id=01G36SF3V6Y6V5BF9P4R7PQG7G&exclude_replies=false&exclude_reblogs=false&pinned=false&only_media=false&only_public=true>; rel="prev"`, result.Header.Get("link"))
 }
 
 func (suite *AccountStatusesTestSuite) TestGetStatusesPublicOnlyMediaOnly() {
@@ -102,7 +102,7 @@ func (suite *AccountStatusesTestSuite) TestGetStatusesPublicOnlyMediaOnly() {
 
 	// check the response
 	b, err := ioutil.ReadAll(result.Body)
-	assert.NoError(suite.T(), err)
+	suite.NoError(err)
 
 	// unmarshal the returned statuses
 	apimodelStatuses := []*apimodel.Status{}
@@ -115,7 +115,176 @@ func (suite *AccountStatusesTestSuite) TestGetStatusesPublicOnlyMediaOnly() {
 		suite.Equal(apimodel.VisibilityPublic, s.Visibility)
 	}
 
-	suite.Equal(`<http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&max_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned_only=false&only_media=true&only_public=true>; rel="next", <http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&min_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned_only=false&only_media=true&only_public=true>; rel="prev"`, result.Header.Get("link"))
+	suite.Equal(`<http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&max_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned=false&only_media=true&only_public=true>; rel="next", <http://localhost:8080/api/v1/accounts/01F8MH17FWEB39HZJ76B6VXSKF/statuses?limit=20&min_id=01F8MH75CBF9JFX4ZAD54N0W0R&exclude_replies=false&exclude_reblogs=false&pinned=false&only_media=true&only_public=true>; rel="prev"`, result.Header.Get("link"))
+}
+
+func (suite *AccountStatusesTestSuite) TestGetStatusesPinnedOnlyPublicPins() {
+	// admin has a couple statuses pinned
+	// we're getting pinned statuses of admin, as local account 1
+	targetAccount := suite.testAccounts["admin_account"]
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodGet, nil, fmt.Sprintf("/api/v1/accounts/%s/statuses?pinned=true", targetAccount.ID), "")
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   accounts.IDKey,
+			Value: targetAccount.ID,
+		},
+	}
+
+	// call the handler
+	suite.accountsModule.AccountStatusesGETHandler(ctx)
+
+	// 1. we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	// 2. we should have no error message in the result body
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	// check the response
+	b, err := ioutil.ReadAll(result.Body)
+	suite.NoError(err)
+
+	// unmarshal the returned statuses
+	apimodelStatuses := []*apimodel.Status{}
+	err = json.Unmarshal(b, &apimodelStatuses)
+	suite.NoError(err)
+	suite.Len(apimodelStatuses, 2)
+	suite.Empty(result.Header.Get("link"))
+
+	for _, s := range apimodelStatuses {
+		// Requesting account doesn't own these
+		// statuses, so pinned should be false.
+		suite.False(s.Pinned)
+	}
+}
+
+func (suite *AccountStatusesTestSuite) TestGetStatusesPinnedOnlyNotFollowing() {
+	// local account 2 has a followers-only status pinned
+	// we're getting pinned statuses of local account 2 with an account that doesn't follow it
+	targetAccount := suite.testAccounts["local_account_2"]
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodGet, nil, fmt.Sprintf("/api/v1/accounts/%s/statuses?pinned=true", targetAccount.ID), "")
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["admin_account"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["admin_account"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["admin_account"])
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   accounts.IDKey,
+			Value: targetAccount.ID,
+		},
+	}
+
+	// call the handler
+	suite.accountsModule.AccountStatusesGETHandler(ctx)
+
+	// 1. we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	// 2. we should have no error message in the result body
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	// check the response
+	b, err := ioutil.ReadAll(result.Body)
+	suite.NoError(err)
+
+	// unmarshal the returned statuses
+	apimodelStatuses := []*apimodel.Status{}
+	err = json.Unmarshal(b, &apimodelStatuses)
+	suite.NoError(err)
+	suite.Empty(apimodelStatuses)
+	suite.Empty(result.Header.Get("link"))
+}
+
+func (suite *AccountStatusesTestSuite) TestGetStatusesPinnedOnlyFollowing() {
+	// local account 2 has a followers-only status pinned
+	// we're getting pinned statuses of local account 2 with an account that *DOES* follow it
+	targetAccount := suite.testAccounts["local_account_2"]
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodGet, nil, fmt.Sprintf("/api/v1/accounts/%s/statuses?pinned=true", targetAccount.ID), "")
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   accounts.IDKey,
+			Value: targetAccount.ID,
+		},
+	}
+
+	// call the handler
+	suite.accountsModule.AccountStatusesGETHandler(ctx)
+
+	// 1. we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	// 2. we should have no error message in the result body
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	// check the response
+	b, err := ioutil.ReadAll(result.Body)
+	suite.NoError(err)
+
+	// unmarshal the returned statuses
+	apimodelStatuses := []*apimodel.Status{}
+	err = json.Unmarshal(b, &apimodelStatuses)
+	suite.NoError(err)
+	suite.Len(apimodelStatuses, 1)
+	suite.Empty(result.Header.Get("link"))
+
+	for _, s := range apimodelStatuses {
+		// Requesting account doesn't own these
+		// statuses, so pinned should be false.
+		suite.False(s.Pinned)
+	}
+}
+
+func (suite *AccountStatusesTestSuite) TestGetStatusesPinnedOnlyGetOwn() {
+	// local account 2 has a followers-only status pinned
+	// we're getting pinned statuses of local account 2 with local account 2!
+	targetAccount := suite.testAccounts["local_account_2"]
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodGet, nil, fmt.Sprintf("/api/v1/accounts/%s/statuses?pinned=true", targetAccount.ID), "")
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_2"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_2"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_2"])
+	ctx.Params = gin.Params{
+		gin.Param{
+			Key:   accounts.IDKey,
+			Value: targetAccount.ID,
+		},
+	}
+
+	// call the handler
+	suite.accountsModule.AccountStatusesGETHandler(ctx)
+
+	// 1. we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	// 2. we should have no error message in the result body
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	// check the response
+	b, err := ioutil.ReadAll(result.Body)
+	suite.NoError(err)
+
+	// unmarshal the returned statuses
+	apimodelStatuses := []*apimodel.Status{}
+	err = json.Unmarshal(b, &apimodelStatuses)
+	suite.NoError(err)
+	suite.Len(apimodelStatuses, 1)
+	suite.Empty(result.Header.Get("link"))
+
+	for _, s := range apimodelStatuses {
+		// Requesting account owns pinned statuses.
+		suite.True(s.Pinned)
+	}
 }
 
 func TestAccountStatusesTestSuite(t *testing.T) {

internal/api/client/statuses/status.go

@@ -88,6 +88,10 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 	attachHandler(http.MethodPost, UnfavouritePath, m.StatusUnfavePOSTHandler)
 	attachHandler(http.MethodGet, FavouritedPath, m.StatusFavedByGETHandler)
 
+	// pin stuff
+	attachHandler(http.MethodPost, PinPath, m.StatusPinPOSTHandler)
+	attachHandler(http.MethodPost, UnpinPath, m.StatusUnpinPOSTHandler)
+
 	// reblog stuff
 	attachHandler(http.MethodPost, ReblogPath, m.StatusBoostPOSTHandler)
 	attachHandler(http.MethodPost, UnreblogPath, m.StatusUnboostPOSTHandler)