X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=inline;f=lib%2Fpleroma%2Fweb%2Fmasto_fe_controller.ex;h=7b6e01aad1c5cec815f85b7f187b3d1e1ea5fd9d;hb=a079ec3a3cdfd42d2cbd51c7698c2c87828e5778;hp=ac9af7502a324609916d6cbf6f6172da73ab3142;hpb=f459aabdfafa990b33610438650f882ccac072d2;p=akkoma
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index ac9af7502..7b6e01aad 100644
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -1,30 +1,67 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastoFEController do
use Pleroma.Web, :controller
alias Pleroma.User
+ alias Pleroma.Web.MastodonAPI.AuthController
+ alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.Plugs.OAuthScopesPlug
+
+ plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
+
+ # Note: :index action handles attempt of unauthenticated access to private instance with redirect
+ plug(:skip_public_check when action == :index)
+
+ plug(
+ OAuthScopesPlug,
+ %{scopes: ["read"], fallback: :proceed_unauthenticated}
+ when action == :index
+ )
+
+ plug(:skip_auth when action == :manifest)
@doc "GET /web/*path"
- def index(%{assigns: %{user: user}} = conn, _params) do
- token = get_session(conn, :oauth_token)
+ def index(conn, _params) do
+ with %{assigns: %{user: %User{} = user, token: %Token{app_id: token_app_id} = token}} <- conn,
+ {:ok, %{id: ^token_app_id}} <- AuthController.local_mastofe_app() do
+ flavour =
+ [:frontends, :mastodon]
+ |> Pleroma.Config.get()
+ |> Map.get("name", "mastodon-fe")
+
+ index =
+ if flavour == "fedibird-fe" do
+ "fedibird.index.html"
+ else
+ "glitchsoc.index.html"
+ end
- if user && token do
conn
|> put_layout(false)
- |> render("index.html", token: token, user: user, custom_emojis: Pleroma.Emoji.get_all())
+ |> render(index,
+ token: token.token,
+ user: user,
+ custom_emojis: Pleroma.Emoji.get_all()
+ )
else
- conn
- |> put_session(:return_to, conn.request_path)
- |> redirect(to: "/web/login")
+ _ ->
+ conn
+ |> put_session(:return_to, conn.request_path)
+ |> redirect(to: "/web/login")
end
end
- @doc "PUT /api/web/settings"
+ @doc "GET /web/manifest.json"
+ def manifest(conn, _params) do
+ render(conn, "manifest.json")
+ end
+
+ @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"
def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
- with {:ok, _} <- User.update_info(user, &User.Info.mastodon_settings_update(&1, settings)) do
+ with {:ok, _} <- User.mastodon_settings_update(user, settings) do
json(conn, %{})
else
e ->