12b935fadf
Conflicts: - `.github/dependabot.yml`: Updated upstream, removed in glitch-soc to disable noise. Kept removed. - `CODE_OF_CONDUCT.md`: Upstream updated to a new version of the covenant, but I have not read it yet, so kept unchanged. - `Gemfile.lock`: Not a real conflict, one upstream dependency updated textually too close to the glitch-soc only `hcaptcha` dependency. Applied upstream changes. - `app/controllers/admin/base_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/application_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/disputes/base_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/relationships_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/controllers/statuses_cleanup_controller.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/helpers/application_helper.rb`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `app/javascript/mastodon/features/compose/components/compose_form.jsx`: Upstream added a highlight animation for onboarding, while we changed the max character limit. Applied our local changes on top of upstream's new version. - `app/views/layouts/application.html.haml`: Minor conflict due to glitch-soc's theming system. Applied upstream changes. - `stylelint.config.js`: Upstream added ignore paths, glitch-soc had extra ignore paths. Added the same paths as upstream.
55 lines
1.3 KiB
Ruby
55 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class MediaController < ApplicationController
|
|
include Authorization
|
|
|
|
skip_before_action :require_functional!, unless: :whitelist_mode?
|
|
|
|
before_action :authenticate_user!, if: :whitelist_mode?
|
|
before_action :set_media_attachment
|
|
before_action :verify_permitted_status!
|
|
before_action :check_playable, only: :player
|
|
before_action :allow_iframing, only: :player
|
|
before_action :set_pack, only: :player
|
|
|
|
content_security_policy only: :player do |policy|
|
|
policy.frame_ancestors(false)
|
|
end
|
|
|
|
def show
|
|
redirect_to @media_attachment.file.url(:original)
|
|
end
|
|
|
|
def player
|
|
@body_classes = 'player'
|
|
end
|
|
|
|
private
|
|
|
|
def set_media_attachment
|
|
id = params[:id] || params[:medium_id]
|
|
return if id.nil?
|
|
|
|
scope = MediaAttachment.local.attached
|
|
# If id is 19 characters long, it's a shortcode, otherwise it's an identifier
|
|
@media_attachment = id.size == 19 ? scope.find_by!(shortcode: id) : scope.find(id)
|
|
end
|
|
|
|
def verify_permitted_status!
|
|
authorize @media_attachment.status, :show?
|
|
rescue Mastodon::NotPermittedError
|
|
not_found
|
|
end
|
|
|
|
def check_playable
|
|
not_found unless @media_attachment.larger_media_format?
|
|
end
|
|
|
|
def allow_iframing
|
|
response.headers['X-Frame-Options'] = 'ALLOWALL'
|
|
end
|
|
|
|
def set_pack
|
|
use_pack 'public'
|
|
end
|
|
end
|