aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web')
-rw-r--r--lib/pleroma/web/activity_pub/activity_pub_controller.ex4
-rw-r--r--lib/pleroma/web/federator/federator.ex3
-rw-r--r--lib/pleroma/web/mastodon_api/mastodon_api_controller.ex42
-rw-r--r--lib/pleroma/web/nodeinfo/nodeinfo_controller.ex2
-rw-r--r--lib/pleroma/web/oauth/oauth_controller.ex48
-rw-r--r--lib/pleroma/web/ostatus/ostatus_controller.ex1
-rw-r--r--lib/pleroma/web/router.ex57
-rw-r--r--lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex11
-rw-r--r--lib/pleroma/web/twitter_api/controllers/util_controller.ex4
-rw-r--r--lib/pleroma/web/twitter_api/twitter_api_controller.ex13
-rw-r--r--lib/pleroma/web/web_finger/web_finger_controller.ex2
-rw-r--r--lib/pleroma/web/websub/websub_controller.ex9
12 files changed, 106 insertions, 90 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
index 531e98237..3570a75cb 100644
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@@ -6,16 +6,16 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
alias Pleroma.Web.ActivityPub.Relay
alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.Federator
- alias Pleroma.Config
require Logger
action_fallback(:errors)
+ plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
plug(:relay_active? when action in [:relay])
def relay_active?(conn, _) do
- if Config.get([:instance, :allow_relay]) do
+ if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
conn
else
conn
diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex
index 9ea2507a1..01c2c89c3 100644
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@@ -7,7 +7,6 @@ defmodule Pleroma.Web.Federator do
alias Pleroma.Web.ActivityPub.Relay
alias Pleroma.Web.ActivityPub.Transmogrifier
alias Pleroma.Web.ActivityPub.Utils
- alias Pleroma.Config
require Logger
@websub Application.get_env(:pleroma, :websub)
@@ -72,7 +71,7 @@ defmodule Pleroma.Web.Federator do
Logger.info(fn -> "Sending #{activity.data["id"]} out via Salmon" end)
Pleroma.Web.Salmon.publish(actor, activity)
- if Config.get([:instance, :allow_relay]) do
+ if Keyword.get(Application.get_env(:pleroma, :instance), :allow_relay) do
Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
Relay.publish(activity)
end
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index f6cf081fd..5cb007740 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -158,7 +158,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
end
defp mastodonized_emoji do
- Pleroma.Formatter.get_custom_emoji()
+ Pleroma.Emoji.get_all()
|> Enum.map(fn {shortcode, relative_url} ->
url = to_string(URI.merge(Web.base_url(), relative_url))
@@ -985,9 +985,29 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
end
end
+ def login(conn, %{"code" => code}) do
+ with {:ok, app} <- get_or_make_app(),
+ %Authorization{} = auth <- Repo.get_by(Authorization, token: code, app_id: app.id),
+ {:ok, token} <- Token.exchange_token(app, auth) do
+ conn
+ |> put_session(:oauth_token, token.token)
+ |> redirect(to: "/web/getting-started")
+ end
+ end
+
def login(conn, _) do
- conn
- |> render(MastodonView, "login.html", %{error: false})
+ with {:ok, app} <- get_or_make_app() do
+ path =
+ o_auth_path(conn, :authorize,
+ response_type: "code",
+ client_id: app.client_id,
+ redirect_uri: ".",
+ scope: app.scopes
+ )
+
+ conn
+ |> redirect(to: path)
+ end
end
defp get_or_make_app() do
@@ -1006,22 +1026,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
end
end
- def login_post(conn, %{"authorization" => %{"name" => name, "password" => password}}) do
- with %User{} = user <- User.get_by_nickname_or_email(name),
- true <- Pbkdf2.checkpw(password, user.password_hash),
- {:ok, app} <- get_or_make_app(),
- {:ok, auth} <- Authorization.create_authorization(app, user),
- {:ok, token} <- Token.exchange_token(app, auth) do
- conn
- |> put_session(:oauth_token, token.token)
- |> redirect(to: "/web/getting-started")
- else
- _e ->
- conn
- |> render(MastodonView, "login.html", %{error: "Wrong username or password"})
- end
- end
-
def logout(conn, _) do
conn
|> clear_session
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 5446179cb..d58f08881 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -6,6 +6,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
alias Pleroma.{User, Repo}
alias Pleroma.Web.ActivityPub.MRF
+ plug(Pleroma.Web.FederatingPlug)
+
def schemas(conn, _params) do
response = %{
links: [
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 5441ee0a8..35c158fbb 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -33,25 +33,35 @@ defmodule Pleroma.Web.OAuth.OAuthController do
true <- Pbkdf2.checkpw(password, user.password_hash),
%App{} = app <- Repo.get_by(App, client_id: client_id),
{:ok, auth} <- Authorization.create_authorization(app, user) do
- if redirect_uri == "urn:ietf:wg:oauth:2.0:oob" do
- render(conn, "results.html", %{
- auth: auth
- })
- else
- connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?"
- url = "#{redirect_uri}#{connector}"
- url_params = %{:code => auth.token}
-
- url_params =
- if params["state"] do
- Map.put(url_params, :state, params["state"])
- else
- url_params
- end
-
- url = "#{url}#{Plug.Conn.Query.encode(url_params)}"
-
- redirect(conn, external: url)
+ # Special case: Local MastodonFE.
+ redirect_uri =
+ if redirect_uri == "." do
+ mastodon_api_url(conn, :login)
+ else
+ redirect_uri
+ end
+
+ cond do
+ redirect_uri == "urn:ietf:wg:oauth:2.0:oob" ->
+ render(conn, "results.html", %{
+ auth: auth
+ })
+
+ true ->
+ connector = if String.contains?(redirect_uri, "?"), do: "&", else: "?"
+ url = "#{redirect_uri}#{connector}"
+ url_params = %{:code => auth.token}
+
+ url_params =
+ if params["state"] do
+ Map.put(url_params, :state, params["state"])
+ else
+ url_params
+ end
+
+ url = "#{url}#{Plug.Conn.Query.encode(url_params)}"
+
+ redirect(conn, external: url)
end
end
end
diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex
index 09d1b1110..2f92935e7 100644
--- a/lib/pleroma/web/ostatus/ostatus_controller.ex
+++ b/lib/pleroma/web/ostatus/ostatus_controller.ex
@@ -10,6 +10,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do
alias Pleroma.Web.ActivityPub.ActivityPubController
alias Pleroma.Web.ActivityPub.ActivityPub
+ plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])
action_fallback(:errors)
def feed_redirect(conn, %{"nickname" => nickname}) do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 7b7affe5e..b461def82 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -3,11 +3,6 @@ defmodule Pleroma.Web.Router do
alias Pleroma.{Repo, User, Web.Router}
- @instance Application.get_env(:pleroma, :instance)
- @federating Keyword.get(@instance, :federating)
- @public Keyword.get(@instance, :public)
- @registrations_open Keyword.get(@instance, :registrations_open)
-
pipeline :api do
plug(:accepts, ["json"])
plug(:fetch_session)
@@ -242,11 +237,7 @@ defmodule Pleroma.Web.Router do
end
scope "/api", Pleroma.Web do
- if @public do
- pipe_through(:api)
- else
- pipe_through(:authenticated_api)
- end
+ pipe_through(:api)
get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)
@@ -330,12 +321,10 @@ defmodule Pleroma.Web.Router do
get("/users/:nickname/feed", OStatus.OStatusController, :feed)
get("/users/:nickname", OStatus.OStatusController, :feed_redirect)
- if @federating do
- post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming)
- post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request)
- get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation)
- post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming)
- end
+ post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming)
+ post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request)
+ get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation)
+ post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming)
end
pipeline :activitypub do
@@ -352,29 +341,27 @@ defmodule Pleroma.Web.Router do
get("/users/:nickname/outbox", ActivityPubController, :outbox)
end
- if @federating do
- scope "/relay", Pleroma.Web.ActivityPub do
- pipe_through(:ap_relay)
- get("/", ActivityPubController, :relay)
- end
+ scope "/relay", Pleroma.Web.ActivityPub do
+ pipe_through(:ap_relay)
+ get("/", ActivityPubController, :relay)
+ end
- scope "/", Pleroma.Web.ActivityPub do
- pipe_through(:activitypub)
- post("/users/:nickname/inbox", ActivityPubController, :inbox)
- post("/inbox", ActivityPubController, :inbox)
- end
+ scope "/", Pleroma.Web.ActivityPub do
+ pipe_through(:activitypub)
+ post("/users/:nickname/inbox", ActivityPubController, :inbox)
+ post("/inbox", ActivityPubController, :inbox)
+ end
- scope "/.well-known", Pleroma.Web do
- pipe_through(:well_known)
+ scope "/.well-known", Pleroma.Web do
+ pipe_through(:well_known)
- get("/host-meta", WebFinger.WebFingerController, :host_meta)
- get("/webfinger", WebFinger.WebFingerController, :webfinger)
- get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
- end
+ get("/host-meta", WebFinger.WebFingerController, :host_meta)
+ get("/webfinger", WebFinger.WebFingerController, :webfinger)
+ get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
+ end
- scope "/nodeinfo", Pleroma.Web do
- get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
- end
+ scope "/nodeinfo", Pleroma.Web do
+ get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
end
scope "/", Pleroma.Web.MastodonAPI do
diff --git a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex b/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex
deleted file mode 100644
index 34cd7ed89..000000000
--- a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex
+++ /dev/null
@@ -1,11 +0,0 @@
-<h2>Login to Mastodon Frontend</h2>
-<%= if @error do %>
- <h2><%= @error %></h2>
-<% end %>
-<%= form_for @conn, mastodon_api_path(@conn, :login), [as: "authorization"], fn f -> %>
-<%= text_input f, :name, placeholder: "Username or email" %>
-<br>
-<%= password_input f, :password, placeholder: "Password" %>
-<br>
-<%= submit "Log in" %>
-<% end %>
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index 01cd17121..e84438e97 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -6,7 +6,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Web.WebFinger
alias Pleroma.Web.CommonAPI
alias Comeonin.Pbkdf2
- alias Pleroma.Formatter
+ alias Pleroma.{Formatter, Emoji}
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.{Repo, PasswordResetToken, User}
@@ -212,7 +212,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
def emoji(conn, _params) do
- json(conn, Enum.into(Formatter.get_custom_emoji(), %{}))
+ json(conn, Enum.into(Emoji.get_all(), %{}))
end
def follow_import(conn, %{"list" => %Plug.Upload{} = listfile}) do
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index 7153a2bd6..83d725f13 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
require Logger
+ plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
action_fallback(:errors)
def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
@@ -518,6 +519,18 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
json_reply(conn, 403, json)
end
+ def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
+
+ def only_if_public_instance(conn, _) do
+ if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
+ conn
+ else
+ conn
+ |> forbidden_json_reply("Invalid credentials.")
+ |> halt()
+ end
+ end
+
defp error_json(conn, error_message) do
%{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
end
diff --git a/lib/pleroma/web/web_finger/web_finger_controller.ex b/lib/pleroma/web/web_finger/web_finger_controller.ex
index 50d816256..002353166 100644
--- a/lib/pleroma/web/web_finger/web_finger_controller.ex
+++ b/lib/pleroma/web/web_finger/web_finger_controller.ex
@@ -3,6 +3,8 @@ defmodule Pleroma.Web.WebFinger.WebFingerController do
alias Pleroma.Web.WebFinger
+ plug(Pleroma.Web.FederatingPlug)
+
def host_meta(conn, _params) do
xml = WebFinger.host_meta()
diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex
index 590dd74a1..c1934ba92 100644
--- a/lib/pleroma/web/websub/websub_controller.ex
+++ b/lib/pleroma/web/websub/websub_controller.ex
@@ -5,6 +5,15 @@ defmodule Pleroma.Web.Websub.WebsubController do
alias Pleroma.Web.Websub.WebsubClientSubscription
require Logger
+ plug(
+ Pleroma.Web.FederatingPlug
+ when action in [
+ :websub_subscription_request,
+ :websub_subscription_confirmation,
+ :websub_incoming
+ ]
+ )
+
def websub_subscription_request(conn, %{"nickname" => nickname} = params) do
user = User.get_cached_by_nickname(nickname)
generated by cgit v1.2.3 (git 2.26.2) at 2025-05-29 11:45:31 +0000