projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'gitignore-runtime-exs' into 'develop'
[akkoma] / lib / pleroma / web.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web do
6 @moduledoc """
7 A module that keeps using definitions for controllers,
8 views and so on.
9
10 This can be used in your application as:
11
12 use Pleroma.Web, :controller
13 use Pleroma.Web, :view
14
15 The definitions below will be executed for every view,
16 controller, etc, so keep them short and clean, focused
17 on imports, uses and aliases.
18
19 Do NOT define functions inside the quoted expressions
20 below.
21 """
22
23 alias Pleroma.Helpers.AuthHelper
24 alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
25 alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
26 alias Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug
27 alias Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
28 alias Pleroma.Web.Plugs.OAuthScopesPlug
29 alias Pleroma.Web.Plugs.PlugHelper
30
31 def controller do
32 quote do
33 use Phoenix.Controller, namespace: Pleroma.Web
34
35 import Plug.Conn
36
37 import Pleroma.Web.Gettext
38 import Pleroma.Web.TranslationHelpers
39
40 alias Pleroma.Web.Router.Helpers, as: Routes
41
42 plug(:set_put_layout)
43
44 defp set_put_layout(conn, _) do
45 put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
46 end
47
48 # Marks plugs intentionally skipped and blocks their execution if present in plugs chain
49 defp skip_plug(conn, plug_modules) do
50 plug_modules
51 |> List.wrap()
52 |> Enum.reduce(
53 conn,
54 fn plug_module, conn ->
55 try do
56 plug_module.skip_plug(conn)
57 rescue
58 UndefinedFunctionError ->
59 raise "`#{plug_module}` is not skippable. Append `use Pleroma.Web, :plug` to its code."
60 end
61 end
62 )
63 end
64
65 # Executed just before actual controller action, invokes before-action hooks (callbacks)
66 defp action(conn, params) do
67 with %{halted: false} = conn <-
68 maybe_drop_authentication_if_oauth_check_ignored(conn),
69 %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn),
70 %{halted: false} = conn <- maybe_perform_authenticated_check(conn),
71 %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do
72 super(conn, params)
73 end
74 end
75
76 # For non-authenticated API actions, drops auth info if OAuth scopes check was ignored
77 # (neither performed nor explicitly skipped)
78 defp maybe_drop_authentication_if_oauth_check_ignored(conn) do
79 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) and
80 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
81 AuthHelper.drop_auth_info(conn)
82 else
83 conn
84 end
85 end
86
87 # Ensures instance is public -or- user is authenticated if such check was scheduled
88 defp maybe_perform_public_or_authenticated_check(conn) do
89 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) do
90 EnsurePublicOrAuthenticatedPlug.call(conn, %{})
91 else
92 conn
93 end
94 end
95
96 # Ensures user is authenticated if such check was scheduled
97 # Note: runs prior to action even if it was already executed earlier in plug chain
98 # (since OAuthScopesPlug has option of proceeding unauthenticated)
99 defp maybe_perform_authenticated_check(conn) do
100 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) do
101 EnsureAuthenticatedPlug.call(conn, %{})
102 else
103 conn
104 end
105 end
106
107 # Halts if authenticated API action neither performs nor explicitly skips OAuth scopes check
108 defp maybe_halt_on_missing_oauth_scopes_check(conn) do
109 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) and
110 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
111 conn
112 |> render_error(
113 :forbidden,
114 "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
115 )
116 |> halt()
117 else
118 conn
119 end
120 end
121 end
122 end
123
124 def view do
125 quote do
126 use Phoenix.View,
127 root: "lib/pleroma/web/templates",
128 namespace: Pleroma.Web
129
130 # Import convenience functions from controllers
131 import Phoenix.Controller, only: [get_csrf_token: 0, get_flash: 2, view_module: 1]
132
133 import Pleroma.Web.ErrorHelpers
134 import Pleroma.Web.Gettext
135
136 alias Pleroma.Web.Router.Helpers, as: Routes
137
138 require Logger
139
140 @doc "Same as `render/3` but wrapped in a rescue block"
141 def safe_render(view, template, assigns \\ %{}) do
142 Phoenix.View.render(view, template, assigns)
143 rescue
144 error ->
145 Logger.error(
146 "#{__MODULE__} failed to render #{inspect({view, template})}\n" <>
147 Exception.format(:error, error, __STACKTRACE__)
148 )
149
150 nil
151 end
152
153 @doc """
154 Same as `render_many/4` but wrapped in rescue block.
155 """
156 def safe_render_many(collection, view, template, assigns \\ %{}) do
157 Enum.map(collection, fn resource ->
158 as = Map.get(assigns, :as) || view.__resource__
159 assigns = Map.put(assigns, as, resource)
160 safe_render(view, template, assigns)
161 end)
162 |> Enum.filter(& &1)
163 end
164 end
165 end
166
167 def router do
168 quote do
169 use Phoenix.Router
170 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
171 import Plug.Conn
172 import Phoenix.Controller
173 end
174 end
175
176 def channel do
177 quote do
178 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
179 import Phoenix.Channel
180 import Pleroma.Web.Gettext
181 end
182 end
183
184 def plug do
185 quote do
186 @behaviour Pleroma.Web.Plug
187 @behaviour Plug
188
189 @doc """
190 Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain.
191 """
192 def skip_plug(conn) do
193 PlugHelper.append_to_private_list(
194 conn,
195 PlugHelper.skipped_plugs_list_id(),
196 __MODULE__
197 )
198 end
199
200 @impl Plug
201 @doc """
202 Before-plug hook that
203 * ensures the plug is not skipped
204 * processes `:if_func` / `:unless_func` functional pre-run conditions
205 * adds plug to the list of called plugs and calls `perform/2` if checks are passed
206
207 Note: multiple invocations of the same plug (with different or same options) are allowed.
208 """
209 def call(%Plug.Conn{} = conn, options) do
210 if PlugHelper.plug_skipped?(conn, __MODULE__) ||
211 (options[:if_func] && !options[:if_func].(conn)) ||
212 (options[:unless_func] && options[:unless_func].(conn)) do
213 conn
214 else
215 conn =
216 PlugHelper.append_to_private_list(
217 conn,
218 PlugHelper.called_plugs_list_id(),
219 __MODULE__
220 )
221
222 apply(__MODULE__, :perform, [conn, options])
223 end
224 end
225 end
226 end
227
228 @doc """
229 When used, dispatch to the appropriate controller/view/etc.
230 """
231 defmacro __using__(which) when is_atom(which) do
232 apply(__MODULE__, which, [])
233 end
234
235 def base_url do
236 Pleroma.Web.Endpoint.url()
237 end
238
239 # TODO: Change to Phoenix.Router.routes/1 for Phoenix 1.6.0+
240 def get_api_routes do
241 Pleroma.Web.Router.__routes__()
242 |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)
243 |> Enum.map(fn r ->
244 r.path
245 |> String.split("/", trim: true)
246 |> List.first()
247 end)
248 |> Enum.uniq()
249 end
250 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git