[feature] Add config option to expose custom emojis without auth (#4233)

# Description > If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements. > > If this is a documentation change, please briefly describe what you've changed and why. Does as it says on the tin! Should make things a bit easier for clients that don't provide an access token to the custom emojis endpoint. Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/2430 ## Checklist Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]` If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want). - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [x] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [x] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4233 Reviewed-by: Daenney <daenney@noreply.codeberg.org> Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-10-29 02:12:25 -05:00 · 2025-06-03 23:30:42 +02:00 · 2025-06-03 23:30:42 +02:00 · 43f1c6d872
commit 43f1c6d872
parent be6d80c020
11 changed files with 95 additions and 9 deletions
--- a/internal/api/client/customemojis/customemojisget.go
+++ b/internal/api/client/customemojis/customemojisget.go
@ -21,6 +21,7 @@ import (
 	"net/http"

 	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
 	"github.com/gin-gonic/gin"
 )
@ -29,6 +30,8 @@ import (
 //
 // Get an array of custom emojis available on the instance.
 //
+// If the instance config setting `instance-expose-custom-emojis` is `true` then authentication is not required.
+//
 //	---
 //	tags:
 //	- custom_emojis
@ -37,7 +40,8 @@ import (
 //	- application/json
 //
 //	security:
-//	- OAuth2 Bearer: []
+//	- OAuth2 Bearer:
+//		- read:custom_emojis
 //
 //	responses:
 //		'200':
@ -53,12 +57,16 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) CustomEmojisGETHandler(c *gin.Context) {
-	_, errWithCode := apiutil.TokenAuth(c,
-		true, true, true, true,
-	)
-	if errWithCode != nil {
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
+	// If custom emojis are not exposed to unauthed
+	// callers, fail if a token was not provided.
+	if !config.GetInstanceExposeCustomEmojis() {
+		if _, errWithCode := apiutil.TokenAuth(c,
+			true, true, true, true,
+			apiutil.ScopeReadCustomEmojis,
+		); errWithCode != nil {
+			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+			return
+		}
 	}

 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
--- a/internal/api/util/scopes.go
+++ b/internal/api/util/scopes.go
@ -31,6 +31,7 @@ const (
 	scopeBlocks        = "blocks"
 	scopeBookmarks     = "bookmarks"
 	scopeConversations = "conversations"
+	scopeCustomEmojis  = "custom_emojis"
 	scopeDomainAllows  = "domain_allows"
 	scopeDomainBlocks  = "domain_blocks"
 	scopeFavourites    = "favourites"
@ -65,6 +66,7 @@ const (
 	ScopeReadBookmarks          Scope = ScopeRead + ":" + scopeBookmarks
 	ScopeWriteBookmarks         Scope = ScopeWrite + ":" + scopeBookmarks
 	ScopeWriteConversations     Scope = ScopeWrite + ":" + scopeConversations
+	ScopeReadCustomEmojis       Scope = ScopeRead + ":" + scopeCustomEmojis
 	ScopeReadFavourites         Scope = ScopeRead + ":" + scopeFavourites
 	ScopeWriteFavourites        Scope = ScopeWrite + ":" + scopeFavourites
 	ScopeReadFilters            Scope = ScopeRead + ":" + scopeFilters
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -96,6 +96,7 @@ type Configuration struct {
 	InstanceExposeAllowlist           bool               `name:"instance-expose-allowlist" usage:"Expose list of allowed domains via web UI, and allow unauthenticated users to query /api/v1/instance/peers?filter=allowed and /api/v1/instance/domain_allows"`
 	InstanceExposeAllowlistWeb        bool               `name:"instance-expose-allowlist-web" usage:"Expose list of explicitly allowed domains as webpage on /about/domain_allows"`
 	InstanceExposePublicTimeline      bool               `name:"instance-expose-public-timeline" usage:"Allow unauthenticated users to query /api/v1/timelines/public"`
+	InstanceExposeCustomEmojis        bool               `name:"instance-expose-custom-emojis" usage:"Allow unauthenticated access to /api/v1/custom_emojis"`
 	InstanceDeliverToSharedInboxes    bool               `name:"instance-deliver-to-shared-inboxes" usage:"Deliver federated messages to shared inboxes, if they're available."`
 	InstanceInjectMastodonVersion     bool               `name:"instance-inject-mastodon-version" usage:"This injects a Mastodon compatible version in /api/v1/instance to help Mastodon clients that use that version for feature detection"`
 	InstanceLanguages                 language.Languages `name:"instance-languages" usage:"BCP47 language tags for the instance. Used to indicate the preferred languages of instance residents (in order from most-preferred to least-preferred)."`
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@ -63,6 +63,7 @@ var Defaults = Configuration{
 	InstanceExposePeers:               false,
 	InstanceExposeBlocklist:           false,
 	InstanceExposeBlocklistWeb:        false,
+	InstanceExposeCustomEmojis:        false,
 	InstanceDeliverToSharedInboxes:    true,
 	InstanceLanguages:                 make(language.Languages, 0),
 	InstanceSubscriptionsProcessFrom:  "23:00",        // 11pm,
--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
@ -68,6 +68,7 @@ func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) {
 	flags.Bool("instance-expose-allowlist", cfg.InstanceExposeAllowlist, "Expose list of allowed domains via web UI, and allow unauthenticated users to query /api/v1/instance/peers?filter=allowed and /api/v1/instance/domain_allows")
 	flags.Bool("instance-expose-allowlist-web", cfg.InstanceExposeAllowlistWeb, "Expose list of explicitly allowed domains as webpage on /about/domain_allows")
 	flags.Bool("instance-expose-public-timeline", cfg.InstanceExposePublicTimeline, "Allow unauthenticated users to query /api/v1/timelines/public")
+	flags.Bool("instance-expose-custom-emojis", cfg.InstanceExposeCustomEmojis, "Allow unauthenticated access to /api/v1/custom_emojis")
 	flags.Bool("instance-deliver-to-shared-inboxes", cfg.InstanceDeliverToSharedInboxes, "Deliver federated messages to shared inboxes, if they're available.")
 	flags.Bool("instance-inject-mastodon-version", cfg.InstanceInjectMastodonVersion, "This injects a Mastodon compatible version in /api/v1/instance to help Mastodon clients that use that version for feature detection")
 	flags.StringSlice("instance-languages", cfg.InstanceLanguages.Strings(), "BCP47 language tags for the instance. Used to indicate the preferred languages of instance residents (in order from most-preferred to least-preferred).")
@ -212,7 +213,7 @@ func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) {
 }

 func (cfg *Configuration) MarshalMap() map[string]any {
-	cfgmap := make(map[string]any, 186)
+	cfgmap := make(map[string]any, 188)
 	cfgmap["log-level"] = cfg.LogLevel
 	cfgmap["log-timestamp-format"] = cfg.LogTimestampFormat
 	cfgmap["log-db-queries"] = cfg.LogDbQueries
@ -252,6 +253,7 @@ func (cfg *Configuration) MarshalMap() map[string]any {
 	cfgmap["instance-expose-allowlist"] = cfg.InstanceExposeAllowlist
 	cfgmap["instance-expose-allowlist-web"] = cfg.InstanceExposeAllowlistWeb
 	cfgmap["instance-expose-public-timeline"] = cfg.InstanceExposePublicTimeline
+	cfgmap["instance-expose-custom-emojis"] = cfg.InstanceExposeCustomEmojis
 	cfgmap["instance-deliver-to-shared-inboxes"] = cfg.InstanceDeliverToSharedInboxes
 	cfgmap["instance-inject-mastodon-version"] = cfg.InstanceInjectMastodonVersion
 	cfgmap["instance-languages"] = cfg.InstanceLanguages.Strings()
@ -724,6 +726,14 @@ func (cfg *Configuration) UnmarshalMap(cfgmap map[string]any) error {
 		}
 	}

+	if ival, ok := cfgmap["instance-expose-custom-emojis"]; ok {
+		var err error
+		cfg.InstanceExposeCustomEmojis, err = cast.ToBoolE(ival)
+		if err != nil {
+			return fmt.Errorf("error casting %#v -> bool for 'instance-expose-custom-emojis': %w", ival, err)
+		}
+	}
+
 	if ival, ok := cfgmap["instance-deliver-to-shared-inboxes"]; ok {
 		var err error
 		cfg.InstanceDeliverToSharedInboxes, err = cast.ToBoolE(ival)
@ -2917,6 +2927,31 @@ func GetInstanceExposePublicTimeline() bool { return global.GetInstanceExposePub
 // SetInstanceExposePublicTimeline safely sets the value for global configuration 'InstanceExposePublicTimeline' field
 func SetInstanceExposePublicTimeline(v bool) { global.SetInstanceExposePublicTimeline(v) }

+// InstanceExposeCustomEmojisFlag returns the flag name for the 'InstanceExposeCustomEmojis' field
+func InstanceExposeCustomEmojisFlag() string { return "instance-expose-custom-emojis" }
+
+// GetInstanceExposeCustomEmojis safely fetches the Configuration value for state's 'InstanceExposeCustomEmojis' field
+func (st *ConfigState) GetInstanceExposeCustomEmojis() (v bool) {
+	st.mutex.RLock()
+	v = st.config.InstanceExposeCustomEmojis
+	st.mutex.RUnlock()
+	return
+}
+
+// SetInstanceExposeCustomEmojis safely sets the Configuration value for state's 'InstanceExposeCustomEmojis' field
+func (st *ConfigState) SetInstanceExposeCustomEmojis(v bool) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	st.config.InstanceExposeCustomEmojis = v
+	st.reloadToViper()
+}
+
+// GetInstanceExposeCustomEmojis safely fetches the value for global configuration 'InstanceExposeCustomEmojis' field
+func GetInstanceExposeCustomEmojis() bool { return global.GetInstanceExposeCustomEmojis() }
+
+// SetInstanceExposeCustomEmojis safely sets the value for global configuration 'InstanceExposeCustomEmojis' field
+func SetInstanceExposeCustomEmojis(v bool) { global.SetInstanceExposeCustomEmojis(v) }
+
 // InstanceDeliverToSharedInboxesFlag returns the flag name for the 'InstanceDeliverToSharedInboxes' field
 func InstanceDeliverToSharedInboxesFlag() string { return "instance-deliver-to-shared-inboxes" }