Gab Social. All are welcome.

app/controllers/api/web/base_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::Web::BaseController < Api::BaseController
+  protect_from_forgery with: :exception
+
+  rescue_from ActionController::InvalidAuthenticityToken do
+    render json: { error: "Can't verify CSRF token authenticity." }, status: 422
+  end
+end

app/controllers/api/web/embeds_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class Api::Web::EmbedsController < Api::Web::BaseController
+  respond_to :json
+
+  before_action :require_user!
+
+  def create
+    status = StatusFinder.new(params[:url]).status
+    render json: status, serializer: OEmbedSerializer, width: 400
+  rescue ActiveRecord::RecordNotFound
+    oembed = FetchOEmbedService.new.call(params[:url])
+    oembed[:html] = Formatter.instance.sanitize(oembed[:html], Sanitize::Config::GABSOCIAL_OEMBED) if oembed[:html].present?
+
+    if oembed
+      render json: oembed
+    else
+      render json: {}, status: :not_found
+    end
+  end
+end

app/controllers/api/web/push_subscriptions_controller.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+class Api::Web::PushSubscriptionsController < Api::Web::BaseController
+  respond_to :json
+
+  before_action :require_user!
+
+  def create
+    active_session = current_session
+
+    unless active_session.web_push_subscription.nil?
+      active_session.web_push_subscription.destroy!
+      active_session.update!(web_push_subscription: nil)
+    end
+
+    # Mobile devices do not support regular notifications, so we enable push notifications by default
+    alerts_enabled = active_session.detection.device.mobile? || active_session.detection.device.tablet?
+
+    data = {
+      alerts: {
+        follow: alerts_enabled,
+        favourite: alerts_enabled,
+        reblog: alerts_enabled,
+        mention: alerts_enabled,
+        poll: alerts_enabled,
+      },
+    }
+
+    data.deep_merge!(data_params) if params[:data]
+
+    web_subscription = ::Web::PushSubscription.create!(
+      endpoint: subscription_params[:endpoint],
+      key_p256dh: subscription_params[:keys][:p256dh],
+      key_auth: subscription_params[:keys][:auth],
+      data: data,
+      user_id: active_session.user_id,
+      access_token_id: active_session.access_token_id
+    )
+
+    active_session.update!(web_push_subscription: web_subscription)
+
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  def update
+    params.require([:id])
+
+    web_subscription = ::Web::PushSubscription.find(params[:id])
+    web_subscription.update!(data: data_params)
+
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  private
+
+  def subscription_params
+    @subscription_params ||= params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
+  end
+
+  def data_params
+    @data_params ||= params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention, :poll])
+  end
+end

app/controllers/api/web/settings_controller.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class Api::Web::SettingsController < Api::Web::BaseController
+  respond_to :json
+
+  before_action :require_user!
+
+  def update
+    setting.data = params[:data]
+    setting.save!
+
+    render_empty
+  end
+
+  private
+
+  def setting
+    @_setting ||= ::Web::Setting.where(user: current_user).first_or_initialize(user: current_user)
+  end
+end