6 files changed, 38 insertions, 16 deletions
diff --git a/api/views/__init__.py b/api/views/__init__.py
index d661e7c..93cf419 100644
--- a/api/views/__init__.py
+++ b/api/views/__init__.py
@@ -1,3 +1,6 @@
+from .accounts import *  # noqa
 from .apps import *  # noqa
 from .base import api  # noqa
 from .instance import *  # noqa
+from .oauth import *  # noqa
+from .timelines import *  # noqa
diff --git a/api/views/accounts.py b/api/views/accounts.py
new file mode 100644
index 0000000..79906dc
--- /dev/null
+++ b/api/views/accounts.py
@@ -0,0 +1,9 @@
+from .. import schemas
+from ..decorators import identity_required
+from .base import api
+
+
+@api.get("/v1/accounts/verify_credentials", response=schemas.Account)
+@identity_required
+def verify_credentials(request):
+    return request.identity.to_mastodon_json()
diff --git a/api/views/apps.py b/api/views/apps.py
index 33ecf0f..1642ee9 100644
--- a/api/views/apps.py
+++ b/api/views/apps.py
@@ -1,7 +1,8 @@
 import secrets
 
-from ninja import Field, Schema
+from ninja import Schema
 
+from .. import schemas
 from ..models import Application
 from .base import api
 
@@ -13,16 +14,7 @@ class CreateApplicationSchema(Schema):
     website: None | str = None
 
 
-class ApplicationSchema(Schema):
-    id: str
-    name: str
-    website: str | None
-    client_id: str
-    client_secret: str
-    redirect_uri: str = Field(alias="redirect_uris")
-
-
-@api.post("/v1/apps", response=ApplicationSchema)
+@api.post("/v1/apps", response=schemas.Application)
 def add_app(request, details: CreateApplicationSchema):
     client_id = "tk-" + secrets.token_urlsafe(16)
     client_secret = secrets.token_urlsafe(40)
diff --git a/api/views/instance.py b/api/views/instance.py
index 5923d30..eef258d 100644
--- a/api/views/instance.py
+++ b/api/views/instance.py
@@ -9,7 +9,6 @@ from .base import api
 
 
 @api.get("/v1/instance")
-@api.get("/v1/instance/")
 def instance_info(request):
     return {
         "uri": request.headers.get("host", settings.SETUP.MAIN_DOMAIN),
diff --git a/api/views/oauth.py b/api/views/oauth.py
index 6be2778..b97ce5a 100644
--- a/api/views/oauth.py
+++ b/api/views/oauth.py
@@ -66,7 +66,6 @@ class AuthorizationView(LoginRequiredMixin, TemplateView):
 class TokenView(View):
     def post(self, request):
         grant_type = request.POST["grant_type"]
-        scopes = set(self.request.POST.get("scope", "read").split())
         try:
             application = Application.objects.get(
                 client_id=self.request.POST["client_id"]
@@ -84,9 +83,6 @@ class TokenView(View):
                 token = Token.objects.get(code=code, application=application)
             except Token.DoesNotExist:
                 return JsonResponse({"error": "invalid_code"}, status=400)
-            # Verify the scopes match the token
-            if scopes != set(token.scopes):
-                return JsonResponse({"error": "invalid_scope"}, status=400)
             # Update the token to remove its code
             token.code = None
             token.save()
diff --git a/api/views/timelines.py b/api/views/timelines.py
new file mode 100644
index 0000000..5de0e0f
--- /dev/null
+++ b/api/views/timelines.py
@@ -0,0 +1,23 @@
+from activities.models import TimelineEvent
+
+from .. import schemas
+from ..decorators import identity_required
+from .base import api
+
+
+@api.get("/v1/timelines/home", response=list[schemas.Status])
+@identity_required
+def home(request):
+    if request.GET.get("max_id"):
+        return []
+    limit = int(request.GET.get("limit", "20"))
+    events = (
+        TimelineEvent.objects.filter(
+            identity=request.identity,
+            type__in=[TimelineEvent.Types.post],
+        )
+        .select_related("subject_post", "subject_post__author")
+        .prefetch_related("subject_post__attachments")
+        .order_by("-created")[:limit]
+    )
+    return [event.subject_post.to_mastodon_json() for event in events]