git.squeep.com Git - akkoma/blob - lib/pleroma/web/plugs/admin_secret_authentication_plug.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlug do
   6   import Plug.Conn
   7
   8   alias Pleroma.Helpers.AuthHelper
   9   alias Pleroma.User
  10   alias Pleroma.Web.Plugs.RateLimiter
  11
  12   def init(options) do
  13     options
  14   end
  15
  16   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
  17
  18   def call(conn, _) do
  19     if secret_token() do
  20       authenticate(conn)
  21     else
  22       conn
  23     end
  24   end
  25
  26   defp authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
  27     if admin_token == secret_token() do
  28       assign_admin_user(conn)
  29     else
  30       handle_bad_token(conn)
  31     end
  32   end
  33
  34   defp authenticate(conn) do
  35     token = secret_token()
  36
  37     case get_req_header(conn, "x-admin-token") do
  38       blank when blank in [[], [""]] -> conn
  39       [^token] -> assign_admin_user(conn)
  40       _ -> handle_bad_token(conn)
  41     end
  42   end
  43
  44   defp secret_token do
  45     case Pleroma.Config.get(:admin_token) do
  46       blank when blank in [nil, ""] -> nil
  47       token -> token
  48     end
  49   end
  50
  51   defp assign_admin_user(conn) do
  52     conn
  53     |> assign(:user, %User{is_admin: true})
  54     |> AuthHelper.skip_oauth()
  55   end
  56
  57   defp handle_bad_token(conn) do
  58     RateLimiter.call(conn, name: :authentication)
  59   end
  60 end