diff --git a/config/config.exs b/config/config.exs
index 07e98011d0..033f1c1e1d 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -727,7 +727,8 @@
 status_id_action: {60_000, 3},
 password_reset: {1_800_000, 5},
 account_confirmation_resend: {8_640_000, 5},
- ap_routes: {60_000, 15}
+ ap_routes: {60_000, 15},
+ bites: {10_000, 10}
 config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600
diff --git a/lib/pleroma/web/mastodon_api/controllers/bite_controller.ex b/lib/pleroma/web/mastodon_api/controllers/bite_controller.ex
index 69d865cb9b..48552a8dac 100644
--- a/lib/pleroma/web/mastodon_api/controllers/bite_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/bite_controller.ex
@@ -9,14 +9,13 @@ defmodule Pleroma.Web.MastodonAPI.BiteController do
 alias Pleroma.Web.CommonAPI
 alias Pleroma.Web.Plugs.OAuthScopesPlug
- # alias Pleroma.Web.Plugs.RateLimiter
+ alias Pleroma.Web.Plugs.RateLimiter
 plug(Pleroma.Web.ApiSpec.CastAndValidate, replace_params: false)
- plug(OAuthScopesPlug, %{scopes: ["write:bite"]} when action == :bite)
+ plug(OAuthScopesPlug, %{scopes: ["write:bites"]} when action == :bite)
- # plug(RateLimiter, [name: :relations_actions] when action in @relationship_actions)
- # plug(RateLimiter, [name: :app_account_creation] when action == :create)
+ plug(RateLimiter, [name: :bites])
 plug(:assign_account_by_id)
diff --git a/test/pleroma/web/mastodon_api/controllers/bite_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/bite_controller_test.exs
new file mode 100644
index 0000000000..dff5d01a65
--- /dev/null
+++ b/test/pleroma/web/mastodon_api/controllers/bite_controller_test.exs
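Review bot: The new `bites: {10_000, 10}` entry in `config/config.exs` permits a sustained rate of about one bite per second per limiter bucket, which is much looser than the neighbouring `status_id_action: {60_000, 3}`. If each bite produces a notification or a federated activity for the target (presumably so, but not visible in this diff), a longer window or lower count would reduce its usefulness for notification spam against another account. Either way, a one-line comment above the entry such as `# bites: at most 10 per 10 s; each bite notifies the target` would record the intent. The hunk also shows no update to the rate-limit configuration documentation for the new key, so confirm that is covered elsewhere.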
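Review bot: The scope required for the `:bite` action in `bite_controller.ex` changes from `write:bite` to `write:bites`, so any token already issued with the old scope will be refused by `OAuthScopesPlug` once this lands. Nothing in this diff updates the operation's ApiSpec security requirement or the scope documentation, so confirm both name `write:bites` and consider a changelog line for client authors. A short comment above the plug, for example `# scope renamed from write:bite; old tokens must be re-authorised`, would keep the reason next to the check. The module body continues outside the hunk, so whether other actions exist that the unguarded `plug(RateLimiter, [name: :bites])` would also throttle cannot be seen from here.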
@@ -0,0 +1,30 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2024 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MastodonAPI.BiteControllerTest do
+ use Pleroma.Web.ConnCase
+ import Pleroma.Factory
+
+ setup do: oauth_access(["write:bites"])
+
+ test "bites a user", %{conn: conn} do
+ %{id: bitten_id} = insert(:user)
+
+ response =
+ conn
+ |> post("/api/v1/bite?id=#{bitten_id}")
+ |> json_response_and_validate_schema(200)
+
+ assert response == %{}
+ end
+
+ test "self harm is not supported", %{conn: conn, user: %{id: self_id}} do
+ response =
+ conn
+ |> post("/api/v1/bite?id=#{self_id}")
+ |> json_response_and_validate_schema(400)
+
+ assert %{"error" => "Can not bite yourself"} = response
+ end
+end
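Review bot: The new test module has no negative authorization case, so the two controls this commit introduces are untested: the renamed `write:bites` scope and the `:bites` rate limit. Both tests run under `setup do: oauth_access(["write:bites"])`, so a regression that dropped or mistyped the scope in `OAuthScopesPlug` would still pass. A case that uses a token without the scope and expects a rejection would pin the check; the 403 status below is assumed from how the scopes plug normally responds and should be confirmed. A further test that an unknown `id` is handled cleanly would also be worth adding.

```elixir
# … unchanged: "bites a user" and "self harm is not supported" tests …

test "rejects a token without the write:bites scope" do
  # Build a separate conn whose token lacks the required scope.
  %{conn: conn} = oauth_access(["read"])
  %{id: bitten_id} = insert(:user)

  assert conn
         |> post("/api/v1/bite?id=#{bitten_id}")
         |> json_response(403)
end
```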