From abc3c7689b82cf166ba9f759e58fcbd15dfbf3a4 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Wed, 24 Jun 2020 10:39:17 +0300 Subject: HTTPSecurityPlug module name and filename --- lib/pleroma/application.ex | 2 +- lib/pleroma/web/endpoint.ex | 2 +- lib/pleroma/web/plugs/http_security_plug.ex | 2 +- lib/pleroma/web/plugs/http_signature.ex | 65 ---------------------------- lib/pleroma/web/plugs/http_signature_plug.ex | 65 ++++++++++++++++++++++++++++ 5 files changed, 68 insertions(+), 68 deletions(-) delete mode 100644 lib/pleroma/web/plugs/http_signature.ex create mode 100644 lib/pleroma/web/plugs/http_signature_plug.ex diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 0f39c7d92..958e32db2 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -52,7 +52,7 @@ defmodule Pleroma.Application do Pleroma.HTML.compile_scrubbers() Pleroma.Config.Oban.warn() Config.DeprecationWarnings.warn() - Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled() + Pleroma.Web.Plugs.HTTPSecurityPlug.warn_if_disabled() Pleroma.ApplicationRequirements.verify!() setup_instrumenters() load_custom_modules() diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index db3971558..6acca0db6 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.Endpoint do plug(Pleroma.Web.Plugs.SetLocalePlug) plug(CORSPlug) - plug(Pleroma.Plugs.HTTPSecurityPlug) + plug(Pleroma.Web.Plugs.HTTPSecurityPlug) plug(Pleroma.Web.Plugs.UploadedMedia) @static_cache_control "public, no-cache" diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index c363b193b..45aaf188e 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -2,7 +2,7 @@ # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Plugs.HTTPSecurityPlug do +defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do alias Pleroma.Config import Plug.Conn diff --git a/lib/pleroma/web/plugs/http_signature.ex b/lib/pleroma/web/plugs/http_signature.ex deleted file mode 100644 index 036e2a773..000000000 --- a/lib/pleroma/web/plugs/http_signature.ex +++ /dev/null @@ -1,65 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do - import Plug.Conn - import Phoenix.Controller, only: [get_format: 1, text: 2] - require Logger - - def init(options) do - options - end - - def call(%{assigns: %{valid_signature: true}} = conn, _opts) do - conn - end - - def call(conn, _opts) do - if get_format(conn) == "activity+json" do - conn - |> maybe_assign_valid_signature() - |> maybe_require_signature() - else - conn - end - end - - defp maybe_assign_valid_signature(conn) do - if has_signature_header?(conn) do - # set (request-target) header to the appropriate value - # we also replace the digest header with the one we computed - request_target = String.downcase("#{conn.method}") <> " #{conn.request_path}" - - conn = - conn - |> put_req_header("(request-target)", request_target) - |> case do - %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest) - conn -> conn - end - - assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) - else - Logger.debug("No signature header!") - conn - end - end - - defp has_signature_header?(conn) do - conn |> get_req_header("signature") |> Enum.at(0, false) - end - - defp maybe_require_signature(%{assigns: %{valid_signature: true}} = conn), do: conn - - defp maybe_require_signature(conn) do - if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do - conn - |> put_status(:unauthorized) - |> text("Request not signed") - |> halt() - else - conn - end - end -end diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex new file mode 100644 index 000000000..036e2a773 --- /dev/null +++ b/lib/pleroma/web/plugs/http_signature_plug.ex @@ -0,0 +1,65 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do + import Plug.Conn + import Phoenix.Controller, only: [get_format: 1, text: 2] + require Logger + + def init(options) do + options + end + + def call(%{assigns: %{valid_signature: true}} = conn, _opts) do + conn + end + + def call(conn, _opts) do + if get_format(conn) == "activity+json" do + conn + |> maybe_assign_valid_signature() + |> maybe_require_signature() + else + conn + end + end + + defp maybe_assign_valid_signature(conn) do + if has_signature_header?(conn) do + # set (request-target) header to the appropriate value + # we also replace the digest header with the one we computed + request_target = String.downcase("#{conn.method}") <> " #{conn.request_path}" + + conn = + conn + |> put_req_header("(request-target)", request_target) + |> case do + %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest) + conn -> conn + end + + assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) + else + Logger.debug("No signature header!") + conn + end + end + + defp has_signature_header?(conn) do + conn |> get_req_header("signature") |> Enum.at(0, false) + end + + defp maybe_require_signature(%{assigns: %{valid_signature: true}} = conn), do: conn + + defp maybe_require_signature(conn) do + if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do + conn + |> put_status(:unauthorized) + |> text("Request not signed") + |> halt() + else + conn + end + end +end -- cgit v1.2.3