git.squeep.com Git - akkoma/blob - lib/pleroma/web/endpoint.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Endpoint do
   6   use Phoenix.Endpoint, otp_app: :pleroma
   7
   8   require Pleroma.Constants
   9
  10   alias Pleroma.Config
  11
  12   socket("/live", Phoenix.LiveView.Socket)
  13
  14   plug(Pleroma.Web.Plugs.SetLocalePlug)
  15   plug(CORSPlug)
  16   plug(Pleroma.Web.Plugs.CSPNoncePlug)
  17   plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
  18   plug(Pleroma.Web.Plugs.UploadedMedia)
  19
  20   @static_cache_control "public, no-cache"
  21
  22   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
  23   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
  24   # Cache-control headers are duplicated in case we turn off etags in the future
  25   plug(
  26     Pleroma.Web.Plugs.InstanceStatic,
  27     at: "/",
  28     from: :pleroma,
  29     only: ["emoji", "images"],
  30     gzip: true,
  31     cache_control_for_etags: "public, max-age=1209600",
  32     headers: %{
  33       "cache-control" => "public, max-age=1209600"
  34     }
  35   )
  36
  37   plug(Pleroma.Web.Plugs.InstanceStatic,
  38     at: "/",
  39     gzip: true,
  40     cache_control_for_etags: @static_cache_control,
  41     headers: %{
  42       "cache-control" => @static_cache_control
  43     }
  44   )
  45
  46   # Careful! No `only` restriction here, as we don't know what frontends contain.
  47   plug(Pleroma.Web.Plugs.FrontendStatic,
  48     at: "/",
  49     frontend_type: :primary,
  50     gzip: true,
  51     cache_control_for_etags: @static_cache_control,
  52     headers: %{
  53       "cache-control" => @static_cache_control
  54     }
  55   )
  56
  57   plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
  58
  59   plug(Pleroma.Web.Plugs.FrontendStatic,
  60     at: "/pleroma/admin",
  61     frontend_type: :admin,
  62     gzip: true,
  63     cache_control_for_etags: @static_cache_control,
  64     headers: %{
  65       "cache-control" => @static_cache_control
  66     }
  67   )
  68
  69   plug(Plug.Static.IndexHtml, at: "/akkoma/swaggerui")
  70
  71   plug(Pleroma.Web.Plugs.FrontendStatic,
  72     at: "/akkoma/swaggerui",
  73     frontend_type: :swagger,
  74     gzip: true,
  75     if: &Pleroma.Web.Swagger.ui_enabled?/0,
  76     cache_control_for_etags: @static_cache_control,
  77     headers: %{
  78       "cache-control" => @static_cache_control
  79     }
  80   )
  81
  82   plug(Pleroma.Web.Plugs.FrontendStatic,
  83     at: "/",
  84     frontend_type: :mastodon,
  85     gzip: true,
  86     cache_control_for_etags: @static_cache_control,
  87     headers: %{
  88       "cache-control" => @static_cache_control
  89     }
  90   )
  91
  92   # Serve at "/" the static files from "priv/static" directory.
  93   #
  94   # You should set gzip to true if you are running phoenix.digest
  95   # when deploying your static files in production.
  96   plug(
  97     Plug.Static,
  98     at: "/",
  99     from: :pleroma,
 100     only: Pleroma.Constants.static_only_files(),
 101     # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
 102     gzip: true,
 103     cache_control_for_etags: @static_cache_control,
 104     headers: %{
 105       "cache-control" => @static_cache_control
 106     }
 107   )
 108
 109   plug(Plug.Static,
 110     at: "/pleroma/admin/",
 111     from: {:pleroma, "priv/static/adminfe/"}
 112   )
 113
 114   # Code reloading can be explicitly enabled under the
 115   # :code_reloader configuration of your endpoint.
 116   if code_reloading? do
 117     plug(Phoenix.CodeReloader)
 118   end
 119
 120   plug(Pleroma.Web.Plugs.TrailingFormatPlug)
 121   plug(Plug.RequestId)
 122   plug(Plug.Logger, log: :debug)
 123
 124   plug(Plug.Parsers,
 125     parsers: [
 126       :urlencoded,
 127       Pleroma.Web.Plugs.Parsers.Multipart,
 128       :json
 129     ],
 130     pass: ["*/*"],
 131     json_decoder: Jason,
 132     length: Config.get([:instance, :upload_limit]),
 133     body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
 134   )
 135
 136   plug(Plug.MethodOverride)
 137   plug(Plug.Head)
 138
 139   secure_cookies = Config.get([__MODULE__, :secure_cookie_flag])
 140
 141   cookie_name =
 142     if secure_cookies,
 143       do: "__Host-pleroma_key",
 144       else: "pleroma_key"
 145
 146   extra =
 147     Config.get([__MODULE__, :extra_cookie_attrs])
 148     |> Enum.join(";")
 149
 150   # The session will be stored in the cookie and signed,
 151   # this means its contents can be read but not tampered with.
 152   # Set :encryption_salt if you would also like to encrypt it.
 153   plug(
 154     Plug.Session,
 155     store: :cookie,
 156     key: cookie_name,
 157     signing_salt: Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
 158     http_only: true,
 159     secure: secure_cookies,
 160     extra: extra
 161   )
 162
 163   plug(Pleroma.Web.Plugs.RemoteIp)
 164
 165   plug(Pleroma.Web.Router)
 166
 167   @doc """
 168   Dynamically loads configuration from the system environment
 169   on startup.
 170
 171   It receives the endpoint configuration from the config files
 172   and must return the updated configuration.
 173   """
 174   def load_from_system_env(config) do
 175     port = System.get_env("PORT") || raise "expected the PORT environment variable to be set"
 176     {:ok, Keyword.put(config, :http, [:inet6, port: port])}
 177   end
 178
 179   def websocket_url do
 180     String.replace_leading(url(), "http", "ws")
 181   end
 182 end