@@ -1,17 +1,25 @@ | |||||
# frozen_string_literal: true | # frozen_string_literal: true | ||||
class Api::OEmbedController < Api::BaseController | class Api::OEmbedController < Api::BaseController | ||||
respond_to :json | |||||
skip_before_action :require_authenticated_user! | skip_before_action :require_authenticated_user! | ||||
before_action :set_status | |||||
before_action :require_public_status! | |||||
def show | def show | ||||
@status = status_finder.status | |||||
render json: @status, serializer: OEmbedSerializer, width: maxwidth_or_default, height: maxheight_or_default | render json: @status, serializer: OEmbedSerializer, width: maxwidth_or_default, height: maxheight_or_default | ||||
end | end | ||||
private | private | ||||
def set_status | |||||
@status = status_finder.status | |||||
end | |||||
def require_public_status! | |||||
not_found if @status.hidden? | |||||
end | |||||
def status_finder | def status_finder | ||||
StatusFinder.new(params[:url]) | StatusFinder.new(params[:url]) | ||||
end | end | ||||
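Review bot: `require_public_status!` is the only access control on this endpoint, because `skip_before_action :require_authenticated_user!` leaves it open to anonymous callers, and no spec covering it is visible in this part of the commit. I would add a request spec that asks for the oEmbed of a private and of a direct status and expects a 404, and a comment above the callbacks such as `# Order matters: require_public_status! reads the @status assigned by set_status`. The filter also calls `@status.hidden?` unconditionally. If `StatusFinder#status` can return nil for an unrecognised URL (its body is not shown here), the request ends in a 500 instead of a 404, so `not_found if @status.nil? || @status.hidden?` would be safer. The class body continues past the end of this hunk.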
@@ -46,7 +46,7 @@ class StatusesController < ApplicationController | |||||
end | end | ||||
def embed | def embed | ||||
raise ActiveRecord::RecordNotFound if @status.hidden? | |||||
return not_found if @status.hidden? | |||||
expires_in 180, public: true | expires_in 180, public: true | ||||
response.headers['X-Frame-Options'] = 'ALLOWALL' | response.headers['X-Frame-Options'] = 'ALLOWALL' | ||||
@@ -68,7 +68,7 @@ class StatusesController < ApplicationController | |||||
@status = @account.statuses.find(params[:id]) | @status = @account.statuses.find(params[:id]) | ||||
authorize @status, :show? | authorize @status, :show? | ||||
rescue Mastodon::NotPermittedError | rescue Mastodon::NotPermittedError | ||||
raise ActiveRecord::RecordNotFound | |||||
not_found | |||||
end | end | ||||
def set_instance_presenter | def set_instance_presenter | ||||
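Review bot: Two paths that should look identical to a caller may now diverge. In the last hunk `@account.statuses.find(params[:id])` still raises `ActiveRecord::RecordNotFound` for an unknown id, while the `rescue Mastodon::NotPermittedError` branch now answers through `not_found`. If that helper (defined outside this page) produces a response that differs from the application's RecordNotFound handling in status, body or caching headers, an anonymous requester can tell a private status from a missing one. I would add a spec asserting that both cases, and the `return not_found if @status.hidden?` path in `embed`, yield the same 404, and a comment on the rescue such as `# Respond exactly like a missing record so private statuses are not revealed`. Both `embed` and the method containing the rescue start or end outside the hunks shown.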