lots of stufffffffffffffffff

internal/api/client/account/account.go

@@ -57,6 +57,8 @@ const (
 	GetStatusesPath = BasePathWithID + "/statuses"
 	// GetFollowersPath is for showing an account's followers
 	GetFollowersPath = BasePathWithID + "/followers"
+	// GetRelationshipsPath is for showing an account's relationship with other accounts
+	GetRelationshipsPath = BasePath + "/relationships"
 )
 
 // Module implements the ClientAPIModule interface for account-related actions
@@ -82,6 +84,7 @@ func (m *Module) Route(r router.Router) error {
 	r.AttachHandler(http.MethodPatch, BasePathWithID, m.muxHandler)
 	r.AttachHandler(http.MethodGet, GetStatusesPath, m.AccountStatusesGETHandler)
 	r.AttachHandler(http.MethodGet, GetFollowersPath, m.AccountFollowersGETHandler)
+	r.AttachHandler(http.MethodGet, GetRelationshipsPath, m.AccountRelationshipsGETHandler)
 	return nil
 }
 

internal/api/client/account/relationships.go

@@ -0,0 +1,41 @@
+package account
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountRelationshipsGETHandler serves the relationship of the requesting account with one or more requested account IDs.
+func (m *Module) AccountRelationshipsGETHandler(c *gin.Context) {
+	l := m.log.WithField("func", "AccountRelationshipsGETHandler")
+
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		l.Debugf("error authing: %s", err)
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
+		return
+	}
+
+	targetAccountIDs := c.QueryArray("id[]")
+	if len(targetAccountIDs) == 0 {
+		l.Debug("no account id specified in query")
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"})
+		return
+	}
+
+	relationships := []model.Relationship{}
+
+	for _, targetAccountID := range targetAccountIDs {
+		r, errWithCode := m.processor.AccountRelationshipGet(authed, targetAccountID)
+		if err != nil {
+			c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
+			return
+		}
+		relationships = append(relationships, *r)
+	}
+
+	c.JSON(http.StatusOK, relationships)
+}

internal/api/client/followrequest/accept.go

@@ -48,10 +48,11 @@ func (m *Module) FollowRequestAcceptPOSTHandler(c *gin.Context) {
 		return
 	}
 
-	if errWithCode := m.processor.FollowRequestAccept(authed, originAccountID); errWithCode != nil {
+	r, errWithCode := m.processor.FollowRequestAccept(authed, originAccountID)
+	if errWithCode != nil {
 		l.Debug(errWithCode.Error())
 		c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 		return
 	}
-	c.Status(http.StatusOK)
+	c.JSON(http.StatusOK, r)
 }

internal/api/model/account.go

@@ -77,18 +77,18 @@ type Account struct {
 // See https://docs.joinmastodon.org/methods/accounts/
 type AccountCreateRequest struct {
 	// Text that will be reviewed by moderators if registrations require manual approval.
-	Reason string `form:"reason"`
+	Reason string `form:"reason" json:"reason" xml:"reason"`
 	// The desired username for the account
-	Username string `form:"username" binding:"required"`
+	Username string `form:"username" json:"username" xml:"username" binding:"required"`
 	// The email address to be used for login
-	Email string `form:"email" binding:"required"`
+	Email string `form:"email" json:"email" xml:"email" binding:"required"`
 	// The password to be used for login
-	Password string `form:"password" binding:"required"`
+	Password string `form:"password" json:"password" xml:"password" binding:"required"`
 	// Whether the user agrees to the local rules, terms, and policies.
 	// These should be presented to the user in order to allow them to consent before setting this parameter to TRUE.
-	Agreement bool `form:"agreement" binding:"required"`
+	Agreement bool `form:"agreement"  json:"agreement" xml:"agreement" binding:"required"`
 	// The language of the confirmation email that will be sent
-	Locale string `form:"locale" binding:"required"`
+	Locale string `form:"locale" json:"locale" xml:"locale" binding:"required"`
 	// The IP of the sign up request, will not be parsed from the form but must be added manually
 	IP net.IP `form:"-"`
 }
@@ -97,33 +97,33 @@ type AccountCreateRequest struct {
 // See https://docs.joinmastodon.org/methods/accounts/
 type UpdateCredentialsRequest struct {
 	// Whether the account should be shown in the profile directory.
-	Discoverable *bool `form:"discoverable"`
+	Discoverable *bool `form:"discoverable" json:"discoverable" xml:"discoverable"`
 	// Whether the account has a bot flag.
-	Bot *bool `form:"bot"`
+	Bot *bool `form:"bot" json:"bot" xml:"bot"`
 	// The display name to use for the profile.
-	DisplayName *string `form:"display_name"`
+	DisplayName *string `form:"display_name" json:"display_name" xml:"display_name"`
 	// The account bio.
-	Note *string `form:"note"`
+	Note *string `form:"note" json:"note" xml:"note"`
 	// Avatar image encoded using multipart/form-data
-	Avatar *multipart.FileHeader `form:"avatar"`
+	Avatar *multipart.FileHeader `form:"avatar" json:"avatar" xml:"avatar"`
 	// Header image encoded using multipart/form-data
-	Header *multipart.FileHeader `form:"header"`
+	Header *multipart.FileHeader `form:"header" json:"header" xml:"header"`
 	// Whether manual approval of follow requests is required.
-	Locked *bool `form:"locked"`
+	Locked *bool `form:"locked" json:"locked" xml:"locked"`
 	// New Source values for this account
-	Source *UpdateSource `form:"source"`
+	Source *UpdateSource `form:"source" json:"source" xml:"source"`
 	// Profile metadata name and value
-	FieldsAttributes *[]UpdateField `form:"fields_attributes"`
+	FieldsAttributes *[]UpdateField `form:"fields_attributes" json:"fields_attributes" xml:"fields_attributes"`
 }
 
 // UpdateSource is to be used specifically in an UpdateCredentialsRequest.
 type UpdateSource struct {
 	// Default post privacy for authored statuses.
-	Privacy *string `form:"privacy"`
+	Privacy *string `form:"privacy" json:"privacy" xml:"privacy"`
 	// Whether to mark authored statuses as sensitive by default.
-	Sensitive *bool `form:"sensitive"`
+	Sensitive *bool `form:"sensitive" json:"sensitive" xml:"sensitive"`
 	// Default language to use for authored statuses. (ISO 6391)
-	Language *string `form:"language"`
+	Language *string `form:"language" json:"language" xml:"language"`
 }
 
 // UpdateField is to be used specifically in an UpdateCredentialsRequest.

internal/api/security/security.go

@@ -43,5 +43,6 @@ func New(config *config.Config, log *logrus.Logger) api.ClientModule {
 func (m *Module) Route(s router.Router) error {
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)
+	s.AttachMiddleware(m.UserAgentBlock)
 	return nil
 }

internal/api/security/useragentblock.go

@@ -0,0 +1,43 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package security
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// UserAgentBlock is a middleware that prevents google chrome cohort tracking by
+// writing the Permissions-Policy header after all other parts of the request have been completed.
+// See: https://plausible.io/blog/google-floc
+func (m *Module) UserAgentBlock(c *gin.Context) {
+
+	ua := c.Request.UserAgent()
+	if ua == "" {
+		c.AbortWithStatus(http.StatusTeapot)
+		return
+	}
+
+	if strings.Contains(strings.ToLower(c.Request.UserAgent()), strings.ToLower("friendica")) {
+		c.AbortWithStatus(http.StatusTeapot)
+		return
+	}
+}