X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmasto_fe_controller.ex;h=d2460f51d9edd3da336df33c11f123367e1800c0;hb=33f063204edb63344628bdfa72ff11f81ded62a9;hp=d0d8bc8eb9c5ef3bb28a18b2025937a8201ba43d;hpb=0c491b904d126725866087ad9a51fb6346e2a358;p=akkoma
diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index d0d8bc8eb..d2460f51d 100644
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -1,18 +1,19 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MastoFEController do
use Pleroma.Web, :controller
- alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
- alias Pleroma.Plugs.OAuthScopesPlug
alias Pleroma.User
+ alias Pleroma.Web.MastodonAPI.AuthController
+ alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.Plugs.OAuthScopesPlug
plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
# Note: :index action handles attempt of unauthenticated access to private instance with redirect
- plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action == :index)
+ plug(:skip_public_check when action == :index)
plug(
OAuthScopesPlug,
@@ -20,36 +21,33 @@ defmodule Pleroma.Web.MastoFEController do
when action == :index
)
- plug(
- :skip_plug,
- [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :manifest
- )
+ plug(:skip_auth when action == :manifest)
@doc "GET /web/*path"
- def index(%{assigns: %{user: user, token: token}} = conn, _params)
- when not is_nil(user) and not is_nil(token) do
- conn
- |> put_layout(false)
- |> render("index.html",
- token: token.token,
- user: user,
- custom_emojis: Pleroma.Emoji.get_all()
- )
- end
-
def index(conn, _params) do
- conn
- |> put_session(:return_to, conn.request_path)
- |> redirect(to: "/web/login")
+ with %{assigns: %{user: %User{} = user, token: %Token{app_id: token_app_id} = token}} <- conn,
+ {:ok, %{id: ^token_app_id}} <- AuthController.local_mastofe_app() do
+ conn
+ |> put_layout(false)
+ |> render("index.html",
+ token: token.token,
+ user: user,
+ custom_emojis: Pleroma.Emoji.get_all()
+ )
+ else
+ _ ->
+ conn
+ |> put_session(:return_to, conn.request_path)
+ |> redirect(to: "/web/login")
+ end
end
@doc "GET /web/manifest.json"
def manifest(conn, _params) do
- conn
- |> render("manifest.json")
+ render(conn, "manifest.json")
end
- @doc "PUT /api/web/settings"
+ @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"
def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
with {:ok, _} <- User.mastodon_settings_update(user, settings) do
json(conn, %{})