tootlab-mastodon/app/controllers/api/web/embeds_controller.rb

# frozen_string_literal: true

class Api::Web::EmbedsController < Api::Web::BaseController
  include Authorization

  before_action :set_status

  def show
    return not_found if @status.hidden?

    if @status.local?
      render json: @status, serializer: OEmbedSerializer, width: 400
    else
      return not_found unless user_signed_in?

      url = ActivityPub::TagManager.instance.url_for(@status)
      oembed = FetchOEmbedService.new.call(url)
      return not_found if oembed.nil?

      begin
        oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)
      rescue ArgumentError
        return not_found
      end

      render json: oembed
    end
  end

  def set_status
    @status = Status.find(params[:id])
    authorize @status, :show?
  rescue Mastodon::NotPermittedError
    not_found
  end
end
Embed modal (#4748) * Embed modal * Proxy OEmbed requests from web UI 2017-08-30 21:38:35 -04:00			`# frozen_string_literal: true`

Improve web api protect (#6343) 2018-04-17 09:23:46 -04:00			`class Api::Web::EmbedsController < Api::Web::BaseController`
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`include Authorization`
Embed modal (#4748) * Embed modal * Proxy OEmbed requests from web UI 2017-08-30 21:38:35 -04:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`before_action :set_status`
Fix malformed HTML causing uncaught error (#13042) Fix OEmbed preview API leaking existence of private statuses (see #12930) 2020-02-07 09:24:22 -05:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`def show`
			`return not_found if @status.hidden?`
Fix malformed HTML causing uncaught error (#13042) Fix OEmbed preview API leaking existence of private statuses (see #12930) 2020-02-07 09:24:22 -05:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`if @status.local?`
			`render json: @status, serializer: OEmbedSerializer, width: 400`
			`else`
			`return not_found unless user_signed_in?`
Slightly reduce RAM usage (#7301) * No need to re-require sidekiq plugins, they are required via Gemfile * Add derailed_benchmarks tool, no need to require TTY gems in Gemfile * Replace ruby-oembed with FetchOEmbedService Reduce startup by 45382 allocated objects * Remove preloaded JSON-LD in favour of caching HTTP responses Reduce boot RAM by about 6 MiB * Fix tests * Fix test suite by stubbing out JSON-LD contexts 2018-05-02 12:58:48 -04:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`url = ActivityPub::TagManager.instance.url_for(@status)`
			`oembed = FetchOEmbedService.new.call(url)`
			`return not_found if oembed.nil?`
Fix malformed HTML causing uncaught error (#13042) Fix OEmbed preview API leaking existence of private statuses (see #12930) 2020-02-07 09:24:22 -05:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`begin`
			`oembed[:html] = Sanitize.fragment(oembed[:html], Sanitize::Config::MASTODON_OEMBED)`
			`rescue ArgumentError`
			`return not_found`
			`end`

			`render json: oembed`
Slightly reduce RAM usage (#7301) * No need to re-require sidekiq plugins, they are required via Gemfile * Add derailed_benchmarks tool, no need to require TTY gems in Gemfile * Replace ruby-oembed with FetchOEmbedService Reduce startup by 45382 allocated objects * Remove preloaded JSON-LD in favour of caching HTTP responses Reduce boot RAM by about 6 MiB * Fix tests * Fix test suite by stubbing out JSON-LD contexts 2018-05-02 12:58:48 -04:00			`end`
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`end`
Fix malformed HTML causing uncaught error (#13042) Fix OEmbed preview API leaking existence of private statuses (see #12930) 2020-02-07 09:24:22 -05:00
Fix embed dropdown menu item for unauthenticated users (#25964) 2023-07-13 09:53:03 -04:00			`def set_status`
			`@status = Status.find(params[:id])`
			`authorize @status, :show?`
			`rescue Mastodon::NotPermittedError`
			`not_found`
Embed modal (#4748) * Embed modal * Proxy OEmbed requests from web UI 2017-08-30 21:38:35 -04:00			`end`
			`end`