git.squeep.com Git - akkoma/blob - lib/pleroma/web/endpoint.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Endpoint do
   6   use Phoenix.Endpoint, otp_app: :pleroma
   7
   8   socket("/socket", Pleroma.Web.UserSocket)
   9
  10   # Serve at "/" the static files from "priv/static" directory.
  11   #
  12   # You should set gzip to true if you are running phoenix.digest
  13   # when deploying your static files in production.
  14   plug(CORSPlug)
  15   plug(Pleroma.Plugs.HTTPSecurityPlug)
  16
  17   plug(Pleroma.Plugs.UploadedMedia)
  18
  19   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
  20   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
  21   plug(Pleroma.Plugs.InstanceStatic, at: "/")
  22
  23   plug(
  24     Plug.Static,
  25     at: "/",
  26     from: :pleroma,
  27     only:
  28       ~w(index.html robots.txt static finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc)
  29     # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
  30   )
  31
  32   # Code reloading can be explicitly enabled under the
  33   # :code_reloader configuration of your endpoint.
  34   if code_reloading? do
  35     plug(Phoenix.CodeReloader)
  36   end
  37
  38   plug(TrailingFormatPlug)
  39   plug(Plug.RequestId)
  40   plug(Plug.Logger)
  41
  42   plug(
  43     Plug.Parsers,
  44     parsers: [:urlencoded, :multipart, :json],
  45     pass: ["*/*"],
  46     json_decoder: Jason,
  47     length: Application.get_env(:pleroma, :instance) |> Keyword.get(:upload_limit),
  48     body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
  49   )
  50
  51   plug(Plug.MethodOverride)
  52   plug(Plug.Head)
  53
  54   cookie_name =
  55     if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
  56       do: "__Host-pleroma_key",
  57       else: "pleroma_key"
  58
  59   # The session will be stored in the cookie and signed,
  60   # this means its contents can be read but not tampered with.
  61   # Set :encryption_salt if you would also like to encrypt it.
  62   plug(
  63     Plug.Session,
  64     store: :cookie,
  65     key: cookie_name,
  66     signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
  67     http_only: true,
  68     secure:
  69       Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
  70     extra: "SameSite=Strict"
  71   )
  72
  73   # Note: the plug and its configuration is compile-time this can't be upstreamed yet
  74   if proxies = Pleroma.Config.get([__MODULE__, :reverse_proxies]) do
  75     plug(RemoteIp, proxies: proxies)
  76   end
  77
  78   defmodule Instrumenter do
  79     use Prometheus.PhoenixInstrumenter
  80   end
  81
  82   defmodule PipelineInstrumenter do
  83     use Prometheus.PlugPipelineInstrumenter
  84   end
  85
  86   defmodule MetricsExporter do
  87     use Prometheus.PlugExporter
  88   end
  89
  90   plug(PipelineInstrumenter)
  91   plug(MetricsExporter)
  92
  93   plug(Pleroma.Web.Router)
  94
  95   @doc """
  96   Dynamically loads configuration from the system environment
  97   on startup.
  98
  99   It receives the endpoint configuration from the config files
 100   and must return the updated configuration.
 101   """
 102   def load_from_system_env(config) do
 103     port = System.get_env("PORT") || raise "expected the PORT environment variable to be set"
 104     {:ok, Keyword.put(config, :http, [:inet6, port: port])}
 105   end
 106
 107   def websocket_url do
 108     String.replace_leading(url(), "http", "ws")
 109   end
 110 end