projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
giant massive dep upgrade and dialyxir-found error emporium (#371)
[akkoma] / lib / pleroma / web.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web do
6 @moduledoc """
7 A module that keeps using definitions for controllers,
8 views and so on.
9
10 This can be used in your application as:
11
12 use Pleroma.Web, :controller
13 use Pleroma.Web, :view
14
15 The definitions below will be executed for every view,
16 controller, etc, so keep them short and clean, focused
17 on imports, uses and aliases.
18
19 Do NOT define functions inside the quoted expressions
20 below.
21 """
22
23 alias Pleroma.Helpers.AuthHelper
24 alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
25 alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
26 alias Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug
27 alias Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
28 alias Pleroma.Web.Plugs.OAuthScopesPlug
29 alias Pleroma.Web.Plugs.PlugHelper
30
31 def controller do
32 quote do
33 use Phoenix.Controller, namespace: Pleroma.Web
34
35 import Plug.Conn
36
37 import Pleroma.Web.Gettext
38 import Pleroma.Web.TranslationHelpers
39
40 alias Pleroma.Web.Router.Helpers, as: Routes
41
42 plug(:set_put_layout)
43
44 defp set_put_layout(conn, _) do
45 put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
46 end
47
48 # Marks plugs intentionally skipped and blocks their execution if present in plugs chain
49 defp skip_plug(conn, plug_modules) do
50 plug_modules
51 |> List.wrap()
52 |> Enum.reduce(
53 conn,
54 fn plug_module, conn ->
55 try do
56 plug_module.skip_plug(conn)
57 rescue
58 UndefinedFunctionError ->
59 reraise(
60 "`#{plug_module}` is not skippable. Append `use Pleroma.Web, :plug` to its code.",
61 __STACKTRACE__
62 )
63 end
64 end
65 )
66 end
67
68 defp skip_auth(conn, _) do
69 skip_plug(conn, [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug])
70 end
71
72 defp skip_public_check(conn, _) do
73 skip_plug(conn, EnsurePublicOrAuthenticatedPlug)
74 end
75
76 # Executed just before actual controller action, invokes before-action hooks (callbacks)
77 defp action(conn, params) do
78 with %{halted: false} = conn <-
79 maybe_drop_authentication_if_oauth_check_ignored(conn),
80 %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn),
81 %{halted: false} = conn <- maybe_perform_authenticated_check(conn),
82 %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do
83 super(conn, params)
84 end
85 end
86
87 # For non-authenticated API actions, drops auth info if OAuth scopes check was ignored
88 # (neither performed nor explicitly skipped)
89 defp maybe_drop_authentication_if_oauth_check_ignored(conn) do
90 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) and
91 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
92 AuthHelper.drop_auth_info(conn)
93 else
94 conn
95 end
96 end
97
98 # Ensures instance is public -or- user is authenticated if such check was scheduled
99 defp maybe_perform_public_or_authenticated_check(conn) do
100 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) do
101 EnsurePublicOrAuthenticatedPlug.call(conn, %{})
102 else
103 conn
104 end
105 end
106
107 # Ensures user is authenticated if such check was scheduled
108 # Note: runs prior to action even if it was already executed earlier in plug chain
109 # (since OAuthScopesPlug has option of proceeding unauthenticated)
110 defp maybe_perform_authenticated_check(conn) do
111 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) do
112 EnsureAuthenticatedPlug.call(conn, %{})
113 else
114 conn
115 end
116 end
117
118 # Halts if authenticated API action neither performs nor explicitly skips OAuth scopes check
119 defp maybe_halt_on_missing_oauth_scopes_check(conn) do
120 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) and
121 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
122 conn
123 |> render_error(
124 :forbidden,
125 "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
126 )
127 |> halt()
128 else
129 conn
130 end
131 end
132 end
133 end
134
135 def view do
136 quote do
137 use Phoenix.View,
138 root: "lib/pleroma/web/templates",
139 namespace: Pleroma.Web
140
141 # Import convenience functions from controllers
142 import Phoenix.Controller, only: [get_csrf_token: 0, get_flash: 2, view_module: 1]
143
144 import Pleroma.Web.ErrorHelpers
145 import Pleroma.Web.Gettext
146
147 alias Pleroma.Web.Router.Helpers, as: Routes
148
149 require Logger
150
151 @doc "Same as `render/3` but wrapped in a rescue block"
152 def safe_render(view, template, assigns \\ %{}) do
153 Phoenix.View.render(view, template, assigns)
154 rescue
155 error ->
156 Logger.error(
157 "#{__MODULE__} failed to render #{inspect({view, template})}\n" <>
158 Exception.format(:error, error, __STACKTRACE__)
159 )
160
161 nil
162 end
163
164 @doc """
165 Same as `render_many/4` but wrapped in rescue block.
166 """
167 def safe_render_many(collection, view, template, assigns \\ %{}) do
168 Enum.map(collection, fn resource ->
169 as = Map.get(assigns, :as) || view.__resource__
170 assigns = Map.put(assigns, as, resource)
171 safe_render(view, template, assigns)
172 end)
173 |> Enum.filter(& &1)
174 end
175 end
176 end
177
178 def router do
179 quote do
180 use Phoenix.Router
181 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
182 import Plug.Conn
183 import Phoenix.Controller
184 end
185 end
186
187 def channel do
188 quote do
189 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
190 import Phoenix.Channel
191 import Pleroma.Web.Gettext
192 end
193 end
194
195 def plug do
196 quote do
197 @behaviour Pleroma.Web.Plug
198 @behaviour Plug
199
200 @doc """
201 Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain.
202 """
203 def skip_plug(conn) do
204 PlugHelper.append_to_private_list(
205 conn,
206 PlugHelper.skipped_plugs_list_id(),
207 __MODULE__
208 )
209 end
210
211 @impl Plug
212 @doc """
213 Before-plug hook that
214 * ensures the plug is not skipped
215 * processes `:if_func` / `:unless_func` functional pre-run conditions
216 * adds plug to the list of called plugs and calls `perform/2` if checks are passed
217
218 Note: multiple invocations of the same plug (with different or same options) are allowed.
219 """
220 def call(%Plug.Conn{} = conn, options) do
221 if PlugHelper.plug_skipped?(conn, __MODULE__) ||
222 (options[:if_func] && !options[:if_func].(conn)) ||
223 (options[:unless_func] && options[:unless_func].(conn)) do
224 conn
225 else
226 conn =
227 PlugHelper.append_to_private_list(
228 conn,
229 PlugHelper.called_plugs_list_id(),
230 __MODULE__
231 )
232
233 apply(__MODULE__, :perform, [conn, options])
234 end
235 end
236 end
237 end
238
239 @doc """
240 When used, dispatch to the appropriate controller/view/etc.
241 """
242 defmacro __using__(which) when is_atom(which) do
243 apply(__MODULE__, which, [])
244 end
245 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git