Pleroma.Web.TwitterAPI.ActivityView: Harden TwitterAPI against remnant of prismo

[akkoma] / lib / pleroma / web / router.ex

diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index e8a02a192370ded8c1839a1d1a34392753992eaf..7b7affe5e5a50391be37e25aa09d71444dc9f8b8 100644 (file)
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -5,7 +5,6 @@ defmodule Pleroma.Web.Router do
 
   @instance Application.get_env(:pleroma, :instance)
   @federating Keyword.get(@instance, :federating)
-  @allow_relay Keyword.get(@instance, :allow_relay)
   @public Keyword.get(@instance, :public)
   @registrations_open Keyword.get(@instance, :registrations_open)
 
@@ -16,6 +15,7 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Plugs.BasicAuthDecoderPlug)
     plug(Pleroma.Plugs.UserFetcherPlug)
     plug(Pleroma.Plugs.SessionAuthenticationPlug)
+    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
     plug(Pleroma.Plugs.AuthenticationPlug)
     plug(Pleroma.Plugs.UserEnabledPlug)
     plug(Pleroma.Plugs.SetUserSessionIdPlug)
@@ -29,6 +29,7 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Plugs.BasicAuthDecoderPlug)
     plug(Pleroma.Plugs.UserFetcherPlug)
     plug(Pleroma.Plugs.SessionAuthenticationPlug)
+    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
     plug(Pleroma.Plugs.AuthenticationPlug)
     plug(Pleroma.Plugs.UserEnabledPlug)
     plug(Pleroma.Plugs.SetUserSessionIdPlug)
@@ -42,6 +43,7 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Plugs.BasicAuthDecoderPlug)
     plug(Pleroma.Plugs.UserFetcherPlug)
     plug(Pleroma.Plugs.SessionAuthenticationPlug)
+    plug(Pleroma.Plugs.LegacyAuthenticationPlug)
     plug(Pleroma.Plugs.AuthenticationPlug)
     plug(Pleroma.Plugs.UserEnabledPlug)
     plug(Pleroma.Plugs.SetUserSessionIdPlug)
@@ -100,6 +102,7 @@ defmodule Pleroma.Web.Router do
     get("/authorize", OAuthController, :authorize)
     post("/authorize", OAuthController, :create_authorization)
     post("/token", OAuthController, :token_exchange)
+    post("/revoke", OAuthController, :token_revoke)
   end
 
   scope "/api/v1", Pleroma.Web.MastodonAPI do
@@ -115,6 +118,7 @@ defmodule Pleroma.Web.Router do
     post("/accounts/:id/unblock", MastodonAPIController, :unblock)
     post("/accounts/:id/mute", MastodonAPIController, :relationship_noop)
     post("/accounts/:id/unmute", MastodonAPIController, :relationship_noop)
+    get("/accounts/:id/lists", MastodonAPIController, :account_lists)
 
     get("/follow_requests", MastodonAPIController, :follow_requests)
     post("/follow_requests/:id/authorize", MastodonAPIController, :authorize_follow_request)
@@ -168,6 +172,8 @@ defmodule Pleroma.Web.Router do
     delete("/filters/:id", MastodonAPIController, :delete_filter)
 
     get("/suggestions", MastodonAPIController, :suggestions)
+
+    get("/endorsements", MastodonAPIController, :empty_array)
   end
 
   scope "/api/web", Pleroma.Web.MastodonAPI do
@@ -347,11 +353,9 @@ defmodule Pleroma.Web.Router do
   end
 
   if @federating do
-    if @allow_relay do
-      scope "/relay", Pleroma.Web.ActivityPub do
-        pipe_through(:ap_relay)
-        get("/", ActivityPubController, :relay)
-      end
+    scope "/relay", Pleroma.Web.ActivityPub do
+      pipe_through(:ap_relay)
+      get("/", ActivityPubController, :relay)
     end
 
     scope "/", Pleroma.Web.ActivityPub do
@@ -394,6 +398,8 @@ defmodule Pleroma.Web.Router do
   scope "/", Fallback do
     get("/registration/:token", RedirectController, :registration_page)
     get("/*path", RedirectController, :redirector)
+
+    options("/*path", RedirectController, :empty)
   end
 end
 
@@ -411,4 +417,10 @@ defmodule Fallback.RedirectController do
   def registration_page(conn, params) do
     redirector(conn, params)
   end
+
+  def empty(conn, _params) do
+    conn
+    |> put_status(204)
+    |> text("")
+  end
 end