aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/mongoose_im/mongoose_im_controller.ex')
-rw-r--r--lib/pleroma/web/mongoose_im/mongoose_im_controller.ex46
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex
new file mode 100644
index 000000000..6ace3e0b5
--- /dev/null
+++ b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex
@@ -0,0 +1,46 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.MongooseIM.MongooseIMController do
+ use Pleroma.Web, :controller
+
+ alias Pleroma.Repo
+ alias Pleroma.User
+ alias Pleroma.Web.Plugs.AuthenticationPlug
+ alias Pleroma.Web.Plugs.RateLimiter
+
+ plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
+ plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
+
+ def user_exists(conn, %{"user" => username}) do
+ with %User{} <- Repo.get_by(User, nickname: username, local: true, is_active: true) do
+ conn
+ |> json(true)
+ else
+ _ ->
+ conn
+ |> put_status(:not_found)
+ |> json(false)
+ end
+ end
+
+ def check_password(conn, %{"user" => username, "pass" => password}) do
+ with %User{password_hash: password_hash, is_active: true} <-
+ Repo.get_by(User, nickname: username, local: true),
+ true <- AuthenticationPlug.checkpw(password, password_hash) do
+ conn
+ |> json(true)
+ else
+ false ->
+ conn
+ |> put_status(:forbidden)
+ |> json(false)
+
+ _ ->
+ conn
+ |> put_status(:not_found)
+ |> json(false)
+ end
+ end
+end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 12:47:56 +0000