git.squeep.com Git - akkoma/blob - lib/pleroma/plugs/admin_secret_authentication_plug.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
   6   import Plug.Conn
   7
   8   alias Pleroma.Plugs.OAuthScopesPlug
   9   alias Pleroma.Plugs.RateLimiter
  10   alias Pleroma.User
  11
  12   def init(options) do
  13     options
  14   end
  15
  16   def secret_token do
  17     case Pleroma.Config.get(:admin_token) do
  18       blank when blank in [nil, ""] -> nil
  19       token -> token
  20     end
  21   end
  22
  23   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
  24
  25   def call(conn, _) do
  26     if secret_token() do
  27       authenticate(conn)
  28     else
  29       conn
  30     end
  31   end
  32
  33   def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
  34     if admin_token == secret_token() do
  35       assign_admin_user(conn)
  36     else
  37       handle_bad_token(conn)
  38     end
  39   end
  40
  41   def authenticate(conn) do
  42     token = secret_token()
  43
  44     case get_req_header(conn, "x-admin-token") do
  45       blank when blank in [[], [""]] -> conn
  46       [^token] -> assign_admin_user(conn)
  47       _ -> handle_bad_token(conn)
  48     end
  49   end
  50
  51   defp assign_admin_user(conn) do
  52     conn
  53     |> assign(:user, %User{is_admin: true})
  54     |> OAuthScopesPlug.skip_plug()
  55   end
  56
  57   defp handle_bad_token(conn) do
  58     RateLimiter.call(conn, name: :authentication)
  59   end
  60 end