Allow expires_at in filter requests
[akkoma] / lib / pleroma / web / mongoose_im / mongoose_im_controller.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
6 use Pleroma.Web, :controller
7
8 alias Pleroma.Repo
9 alias Pleroma.User
10 alias Pleroma.Web.Plugs.RateLimiter
11
12 plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
13 plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
14
15 def user_exists(conn, %{"user" => username}) do
16 with %User{} <- Repo.get_by(User, nickname: username, local: true, is_active: true) do
17 conn
18 |> json(true)
19 else
20 _ ->
21 conn
22 |> put_status(:not_found)
23 |> json(false)
24 end
25 end
26
27 def check_password(conn, %{"user" => username, "pass" => password}) do
28 with %User{password_hash: password_hash, is_active: true} <-
29 Repo.get_by(User, nickname: username, local: true),
30 true <- Pleroma.Password.checkpw(password, password_hash) do
31 conn
32 |> json(true)
33 else
34 false ->
35 conn
36 |> put_status(:forbidden)
37 |> json(false)
38
39 _ ->
40 conn
41 |> put_status(:not_found)
42 |> json(false)
43 end
44 end
45 end