Merge pull request 'Correct og:description tag in static-fe' (#373) from sfr/akkoma...
[akkoma] / lib / pleroma / web / endpoint.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Endpoint do
6 use Phoenix.Endpoint, otp_app: :pleroma
7
8 require Pleroma.Constants
9
10 alias Pleroma.Config
11
12 socket("/live", Phoenix.LiveView.Socket)
13
14 plug(Pleroma.Web.Plugs.SetLocalePlug)
15 plug(CORSPlug)
16 plug(Pleroma.Web.Plugs.CSPNoncePlug)
17 plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
18 plug(Pleroma.Web.Plugs.UploadedMedia)
19
20 @static_cache_control "public, no-cache"
21
22 # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
23 # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
24 # Cache-control headers are duplicated in case we turn off etags in the future
25 plug(
26 Pleroma.Web.Plugs.InstanceStatic,
27 at: "/",
28 from: :pleroma,
29 only: ["emoji", "images"],
30 gzip: true,
31 cache_control_for_etags: "public, max-age=1209600",
32 headers: %{
33 "cache-control" => "public, max-age=1209600"
34 }
35 )
36
37 plug(Pleroma.Web.Plugs.InstanceStatic,
38 at: "/",
39 gzip: true,
40 cache_control_for_etags: @static_cache_control,
41 headers: %{
42 "cache-control" => @static_cache_control
43 }
44 )
45
46 # Careful! No `only` restriction here, as we don't know what frontends contain.
47 plug(Pleroma.Web.Plugs.FrontendStatic,
48 at: "/",
49 frontend_type: :primary,
50 gzip: true,
51 cache_control_for_etags: @static_cache_control,
52 headers: %{
53 "cache-control" => @static_cache_control
54 }
55 )
56
57 plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
58
59 plug(Pleroma.Web.Plugs.FrontendStatic,
60 at: "/pleroma/admin",
61 frontend_type: :admin,
62 gzip: true,
63 cache_control_for_etags: @static_cache_control,
64 headers: %{
65 "cache-control" => @static_cache_control
66 }
67 )
68
69 plug(Plug.Static.IndexHtml, at: "/akkoma/swaggerui")
70
71 plug(Pleroma.Web.Plugs.FrontendStatic,
72 at: "/akkoma/swaggerui",
73 frontend_type: :swagger,
74 gzip: true,
75 if: &Pleroma.Web.Swagger.ui_enabled?/0,
76 cache_control_for_etags: @static_cache_control,
77 headers: %{
78 "cache-control" => @static_cache_control
79 }
80 )
81
82 plug(Pleroma.Web.Plugs.FrontendStatic,
83 at: "/",
84 frontend_type: :mastodon,
85 gzip: true,
86 cache_control_for_etags: @static_cache_control,
87 headers: %{
88 "cache-control" => @static_cache_control
89 }
90 )
91
92 # Serve at "/" the static files from "priv/static" directory.
93 #
94 # You should set gzip to true if you are running phoenix.digest
95 # when deploying your static files in production.
96 plug(
97 Plug.Static,
98 at: "/",
99 from: :pleroma,
100 only: Pleroma.Constants.static_only_files(),
101 # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
102 gzip: true,
103 cache_control_for_etags: @static_cache_control,
104 headers: %{
105 "cache-control" => @static_cache_control
106 }
107 )
108
109 plug(Plug.Static,
110 at: "/pleroma/admin/",
111 from: {:pleroma, "priv/static/adminfe/"}
112 )
113
114 # Code reloading can be explicitly enabled under the
115 # :code_reloader configuration of your endpoint.
116 if code_reloading? do
117 plug(Phoenix.CodeReloader)
118 end
119
120 plug(Pleroma.Web.Plugs.TrailingFormatPlug)
121 plug(Plug.RequestId)
122 plug(Plug.Logger, log: :debug)
123
124 plug(Plug.Parsers,
125 parsers: [
126 :urlencoded,
127 Pleroma.Web.Plugs.Parsers.Multipart,
128 :json
129 ],
130 pass: ["*/*"],
131 json_decoder: Jason,
132 length: Config.get([:instance, :upload_limit]),
133 body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
134 )
135
136 plug(Plug.MethodOverride)
137 plug(Plug.Head)
138
139 secure_cookies = Config.get([__MODULE__, :secure_cookie_flag])
140
141 cookie_name =
142 if secure_cookies,
143 do: "__Host-pleroma_key",
144 else: "pleroma_key"
145
146 extra =
147 Config.get([__MODULE__, :extra_cookie_attrs])
148 |> Enum.join(";")
149
150 # The session will be stored in the cookie and signed,
151 # this means its contents can be read but not tampered with.
152 # Set :encryption_salt if you would also like to encrypt it.
153 plug(
154 Plug.Session,
155 store: :cookie,
156 key: cookie_name,
157 signing_salt: Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
158 http_only: true,
159 secure: secure_cookies,
160 extra: extra
161 )
162
163 plug(Pleroma.Web.Plugs.RemoteIp)
164
165 plug(Pleroma.Web.Router)
166
167 @doc """
168 Dynamically loads configuration from the system environment
169 on startup.
170
171 It receives the endpoint configuration from the config files
172 and must return the updated configuration.
173 """
174 def load_from_system_env(config) do
175 port = System.get_env("PORT") || raise "expected the PORT environment variable to be set"
176 {:ok, Keyword.put(config, :http, [:inet6, port: port])}
177 end
178
179 def websocket_url do
180 String.replace_leading(url(), "http", "ws")
181 end
182 end