1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
8 alias Pleroma.Plugs.OAuthScopesPlug
9 alias Pleroma.Plugs.RateLimiter
17 case Pleroma.Config.get(:admin_token) do
18 blank when blank in [nil, ""] -> nil
23 def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
33 def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
34 if admin_token == secret_token() do
35 assign_admin_user(conn)
37 handle_bad_token(conn)
41 def authenticate(conn) do
42 token = secret_token()
44 case get_req_header(conn, "x-admin-token") do
45 blank when blank in [[], [""]] -> conn
46 [^token] -> assign_admin_user(conn)
47 _ -> handle_bad_token(conn)
51 defp assign_admin_user(conn) do
53 |> assign(:user, %User{is_admin: true})
54 |> OAuthScopesPlug.skip_plug()
57 defp handle_bad_token(conn) do
58 RateLimiter.call(conn, name: :authentication)