git.squeep.com Git - akkoma/blob - lib/pleroma/plugs/oauth_plug.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Plugs.OAuthPlug do
   6   import Plug.Conn
   7   import Ecto.Query
   8
   9   alias Pleroma.Repo
  10   alias Pleroma.User
  11   alias Pleroma.Web.OAuth.Token
  12
  13   @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i")
  14
  15   def init(options), do: options
  16
  17   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
  18
  19   def call(%{params: %{"access_token" => access_token}} = conn, _) do
  20     with {:ok, user, token_record} <- fetch_user_and_token(access_token) do
  21       conn
  22       |> assign(:token, token_record)
  23       |> assign(:user, user)
  24     else
  25       _ -> conn
  26     end
  27   end
  28
  29   def call(conn, _) do
  30     with {:ok, token_str} <- fetch_token_str(conn),
  31          {:ok, user, token_record} <- fetch_user_and_token(token_str) do
  32       conn
  33       |> assign(:token, token_record)
  34       |> assign(:user, user)
  35     else
  36       _ -> conn
  37     end
  38   end
  39
  40   # Gets user by token
  41   #
  42   @spec fetch_user_and_token(String.t()) :: {:ok, User.t(), Token.t()} | nil
  43   defp fetch_user_and_token(token) do
  44     query =
  45       from(t in Token,
  46         where: t.token == ^token,
  47         join: user in assoc(t, :user),
  48         preload: [user: user]
  49       )
  50
  51     # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
  52     with %Token{user: %{info: %{deactivated: false} = _} = user} = token_record <- Repo.one(query) do
  53       {:ok, user, token_record}
  54     end
  55   end
  56
  57   # Gets token from session by :oauth_token key
  58   #
  59   @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
  60   defp fetch_token_from_session(conn) do
  61     case get_session(conn, :oauth_token) do
  62       nil -> :no_token_found
  63       token -> {:ok, token}
  64     end
  65   end
  66
  67   # Gets token from headers
  68   #
  69   @spec fetch_token_str(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
  70   defp fetch_token_str(%Plug.Conn{} = conn) do
  71     headers = get_req_header(conn, "authorization")
  72
  73     with :no_token_found <- fetch_token_str(headers),
  74          do: fetch_token_from_session(conn)
  75   end
  76
  77   @spec fetch_token_str(Keyword.t()) :: :no_token_found | {:ok, String.t()}
  78   defp fetch_token_str([]), do: :no_token_found
  79
  80   defp fetch_token_str([token | tail]) do
  81     trimmed_token = String.trim(token)
  82
  83     case Regex.run(@realm_reg, trimmed_token) do
  84       [_, match] -> {:ok, String.trim(match)}
  85       _ -> fetch_token_str(tail)
  86     end
  87   end
  88 end