git.squeep.com Git - akkoma/blob - lib/pleroma/web/endpoint.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Endpoint do
   6   use Phoenix.Endpoint, otp_app: :pleroma
   7
   8   require Pleroma.Constants
   9
  10   alias Pleroma.Config
  11
  12   socket("/live", Phoenix.LiveView.Socket)
  13
  14   plug(Pleroma.Web.Plugs.SetLocalePlug)
  15   plug(CORSPlug)
  16   plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
  17   plug(Pleroma.Web.Plugs.UploadedMedia)
  18
  19   @static_cache_control "public, no-cache"
  20
  21   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
  22   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
  23   # Cache-control headers are duplicated in case we turn off etags in the future
  24   plug(
  25     Pleroma.Web.Plugs.InstanceStatic,
  26     at: "/",
  27     from: :pleroma,
  28     only: ["emoji", "images"],
  29     gzip: true,
  30     cache_control_for_etags: "public, max-age=1209600",
  31     headers: %{
  32       "cache-control" => "public, max-age=1209600"
  33     }
  34   )
  35
  36   plug(Pleroma.Web.Plugs.InstanceStatic,
  37     at: "/",
  38     gzip: true,
  39     cache_control_for_etags: @static_cache_control,
  40     headers: %{
  41       "cache-control" => @static_cache_control
  42     }
  43   )
  44
  45   # Careful! No `only` restriction here, as we don't know what frontends contain.
  46   plug(Pleroma.Web.Plugs.FrontendStatic,
  47     at: "/",
  48     frontend_type: :primary,
  49     gzip: true,
  50     cache_control_for_etags: @static_cache_control,
  51     headers: %{
  52       "cache-control" => @static_cache_control
  53     }
  54   )
  55
  56   plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
  57
  58   plug(Pleroma.Web.Plugs.FrontendStatic,
  59     at: "/pleroma/admin",
  60     frontend_type: :admin,
  61     gzip: true,
  62     cache_control_for_etags: @static_cache_control,
  63     headers: %{
  64       "cache-control" => @static_cache_control
  65     }
  66   )
  67
  68   plug(Plug.Static.IndexHtml, at: "/akkoma/swaggerui")
  69
  70   plug(Pleroma.Web.Plugs.FrontendStatic,
  71     at: "/akkoma/swaggerui",
  72     frontend_type: :swagger,
  73     gzip: true,
  74     if: &Pleroma.Web.Swagger.ui_enabled?/0,
  75     cache_control_for_etags: @static_cache_control,
  76     headers: %{
  77       "cache-control" => @static_cache_control
  78     }
  79   )
  80
  81   plug(Pleroma.Web.Plugs.FrontendStatic,
  82     at: "/",
  83     frontend_type: :mastodon,
  84     gzip: true,
  85     cache_control_for_etags: @static_cache_control,
  86     headers: %{
  87       "cache-control" => @static_cache_control
  88     }
  89   )
  90
  91   # Serve at "/" the static files from "priv/static" directory.
  92   #
  93   # You should set gzip to true if you are running phoenix.digest
  94   # when deploying your static files in production.
  95   plug(
  96     Plug.Static,
  97     at: "/",
  98     from: :pleroma,
  99     only: Pleroma.Constants.static_only_files(),
 100     # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
 101     gzip: true,
 102     cache_control_for_etags: @static_cache_control,
 103     headers: %{
 104       "cache-control" => @static_cache_control
 105     }
 106   )
 107
 108   plug(Plug.Static,
 109     at: "/pleroma/admin/",
 110     from: {:pleroma, "priv/static/adminfe/"}
 111   )
 112
 113   # Code reloading can be explicitly enabled under the
 114   # :code_reloader configuration of your endpoint.
 115   if code_reloading? do
 116     plug(Phoenix.CodeReloader)
 117   end
 118
 119   plug(Pleroma.Web.Plugs.TrailingFormatPlug)
 120   plug(Plug.RequestId)
 121   plug(Plug.Logger, log: :debug)
 122
 123   plug(Plug.Parsers,
 124     parsers: [
 125       :urlencoded,
 126       {:multipart, length: {Config, :get, [[:instance, :upload_limit]]}},
 127       :json
 128     ],
 129     pass: ["*/*"],
 130     json_decoder: Jason,
 131     length: Config.get([:instance, :upload_limit]),
 132     body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
 133   )
 134
 135   plug(Plug.MethodOverride)
 136   plug(Plug.Head)
 137
 138   secure_cookies = Config.get([__MODULE__, :secure_cookie_flag])
 139
 140   cookie_name =
 141     if secure_cookies,
 142       do: "__Host-pleroma_key",
 143       else: "pleroma_key"
 144
 145   extra =
 146     Config.get([__MODULE__, :extra_cookie_attrs])
 147     |> Enum.join(";")
 148
 149   # The session will be stored in the cookie and signed,
 150   # this means its contents can be read but not tampered with.
 151   # Set :encryption_salt if you would also like to encrypt it.
 152   plug(
 153     Plug.Session,
 154     store: :cookie,
 155     key: cookie_name,
 156     signing_salt: Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
 157     http_only: true,
 158     secure: secure_cookies,
 159     extra: extra
 160   )
 161
 162   plug(Pleroma.Web.Plugs.RemoteIp)
 163
 164   plug(Pleroma.Web.Router)
 165
 166   @doc """
 167   Dynamically loads configuration from the system environment
 168   on startup.
 169
 170   It receives the endpoint configuration from the config files
 171   and must return the updated configuration.
 172   """
 173   def load_from_system_env(config) do
 174     port = System.get_env("PORT") || raise "expected the PORT environment variable to be set"
 175     {:ok, Keyword.put(config, :http, [:inet6, port: port])}
 176   end
 177
 178   def websocket_url do
 179     String.replace_leading(url(), "http", "ws")
 180   end
 181 end