Merge branch 'fix/credo-issues' into 'develop'

[akkoma] / lib / pleroma / web / websub / websub_controller.ex

diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex
index 590dd74a1303fbfad67252b4e3b04c33870199ad..1ad18a8a4edad84fae8252a4ca5b266b6a62096e 100644 (file)
--- a/lib/pleroma/web/websub/websub_controller.ex
+++ b/lib/pleroma/web/websub/websub_controller.ex
@@ -1,10 +1,27 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Web.Websub.WebsubController do
   use Pleroma.Web, :controller
-  alias Pleroma.{Repo, User}
-  alias Pleroma.Web.{Websub, Federator}
+
+  alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.Websub
+  alias Pleroma.Web.Federator
   alias Pleroma.Web.Websub.WebsubClientSubscription
+
   require Logger
 
+  plug(
+    Pleroma.Web.FederatingPlug
+    when action in [
+           :websub_subscription_request,
+           :websub_subscription_confirmation,
+           :websub_incoming
+         ]
+  )
+
   def websub_subscription_request(conn, %{"nickname" => nickname} = params) do
     user = User.get_cached_by_nickname(nickname)
 
@@ -54,6 +71,13 @@ defmodule Pleroma.Web.Websub.WebsubController do
     end
   end
 
+  def websub_subscription_confirmation(conn, params) do
+    Logger.info("Invalid WebSub confirmation request: #{inspect(params)}")
+
+    conn
+    |> send_resp(500, "Invalid parameters")
+  end
+
   def websub_incoming(conn, %{"id" => id}) do
     with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")),
          signature <- String.downcase(signature),