Comments (6)
I'll fix this as soon as possible, thanks!
I wonder if something changed since tootle added it 6 years ago and why it was made unauthorized to begin with. Some endpoints on mastodon's docs are definitely copy-pasted / from a template and don't actually match the actual implementation 🤷
from tuba.
My guess is this happened in 0.6.0, not 0.6.1 since that only included a translation fix. Just hadn't upgraded yet. It definitely worked fine on 0.5.
from tuba.
Nice catch! So, this is happening due to this: ede5556
Since Tootle/before Tuba, when a mention was clicked, it would first check if it's included in the "mentions" field of the status and try to open the account from the ID, otherwise go through the rest of the resolving process (which ends with a request to the instance's search api). That never worked due to the typo that the linked commit fixed.
API wise, it does an unauthorized request to the active account's /api/v1/accounts/$id
. It doesn't seem to require the token on mastodon even with auth_fetch (https://tech.lgbt/api/v1/accounts/109242
) but it also wouldn't hurt to provide it either
What do you think would be the best solution?
- Ask GoToSocial to make it unauthorized
- Tuba provides the token
- Remove the whole mention checking thing and just let resolving figure it out
I'm mostly leaning towards the second option. GoToSocial requiring auth for it sounds reasonable (even if it was unintentional) and going straight to resolving when we could save some time by opening it manually doesn't seem that appropriate
from tuba.
As I'm one of the GoToSocial developers, we tend to not make API endpoints like these public as they can easily be used for data scraping and other stuff.
I haven't ran into this with other clients I use but I'm not sure which approach they take. Looking at the Masto API documentation, it does seem like providing an Authorization
header with the token is a supported thing for Get account, and it does document a possible unauthorized response if it is missing in case authentication is required for the endpoint.
Based on that, I would be inclined to change it to include the token in the request.
from tuba.
The one bit of the docs that has me a bit confused, is that in the 401 unauthorized response it says this can happen if the instance is in whitelist mode. I believe what they mean by that is authorized fetch, but I'm not 100% sure. That would contradict what you found in testing though, so that's rather interesting.
from tuba.
Yap, we've noticed that. It's hard to know how the API actually behaves from the docs. It's super frustrating and figuring out from code isn't always easy if you don't have a passing familiarity with Ruby and RoR.
from tuba.
Related Issues (20)
- [Bug]: I can open many dialogs many times HOT 2
- [Bug]: '%3' HOT 3
- [Request]: Change localisable strings to allow rearranging words HOT 2
- [Bug]: Crashes when going to previous screen after destroy event HOT 11
- [Bug]: No option to close app HOT 3
- [Request]: Hashtags list is not alphabetically sorted, not sortable nor filterable / searchable HOT 3
- [Bug]: Hashtags follow status not updated when unfollowing a hashtag from the list and going back to it
- [Request]: Gracefully handle limited media
- [Bug]: Filtered posts should stay if I'm the author HOT 3
- [Request]: Better adapt to large window sizes HOT 4
- [Bug]: Media cache on disk is never cleared, grows infinitely HOT 1
- [Bug]: Automatically clear the old leftover disk cache from the early days of Tuba's history HOT 3
- [Bug]: Third Accoubt disappeared after closing the app HOT 5
- [Bug]: Post composer stutters on cyrillic / non-latin text. HOT 3
- [Bug]: Confusing UX with the Close Button in the Top-Right Corner of the Media Viewer HOT 1
- [Bug]: crash after rapidly closing media viewer HOT 2
- [Request]: If you click on an image, allow CTRL + C to copy the image
- [Request]: resume last position of my timeline
- [RFC]: Deprecating Snap package HOT 1
- [Bug]: dev.geopjr.Tuba killed by SIGSEGV HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tuba.