diff options
| author | lain <lain@soykaf.club> | 2018-12-18 21:08:52 +0100 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2018-12-18 21:08:52 +0100 |
| commit | f3eb414e282dd0e3bd5c60838e45c69cf21541e4 (patch) | |
| tree | 64cd057ee1c2c5296cb70cb1f522874173ceb094 /lib | |
| parent | 443d59baa05165c3b5b7ab14f3eabd6f2eba09f2 (diff) | |
| download | pleroma-f3eb414e282dd0e3bd5c60838e45c69cf21541e4.tar.gz | |
Add a way to use the admin api without a user.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/plugs/admin_secret_authentication_plug.ex | 25 | ||||
| -rw-r--r-- | lib/pleroma/web/router.ex | 1 |
2 files changed, 26 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/admin_secret_authentication_plug.ex b/lib/pleroma/plugs/admin_secret_authentication_plug.ex new file mode 100644 index 000000000..f61a6ee24 --- /dev/null +++ b/lib/pleroma/plugs/admin_secret_authentication_plug.ex @@ -0,0 +1,25 @@ +defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do + import Plug.Conn + alias Pleroma.User + + def init(options) do + options + end + + def secret_token do + Pleroma.Config.get(:admin_token) + end + + def call(%{assigns: %{user: %User{}}} = conn, _), do: conn + + def call(%{params: %{"admin_token" => admin_token}} = conn, _) do + if secret_token() && admin_token == secret_token() do + conn + |> assign(:user, %User{info: %{is_admin: true}}) + else + conn + end + end + + def call(conn, _), do: conn +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index dd1985d6e..e988f1088 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -38,6 +38,7 @@ defmodule Pleroma.Web.Router do plug(Pleroma.Plugs.SessionAuthenticationPlug) plug(Pleroma.Plugs.LegacyAuthenticationPlug) plug(Pleroma.Plugs.AuthenticationPlug) + plug(Pleroma.Plugs.AdminSecretAuthenticationPlug) plug(Pleroma.Plugs.UserEnabledPlug) plug(Pleroma.Plugs.SetUserSessionIdPlug) plug(Pleroma.Plugs.EnsureAuthenticatedPlug) |