X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fweb.ex;h=1af29ce788bcdadffb18871f372e1e76c256c252;hb=fc81e5a49c34224e07e85f490a30f92db0835d45;hp=66813e4ddaffa5ad1fd4f807047e639c86a29cc0;hpb=1b4c4d29a3bff0d316162b6a71b1e7ca0ff12647;p=akkoma
diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex
index 66813e4dd..1af29ce78 100644
--- a/lib/pleroma/web/web.ex
+++ b/lib/pleroma/web/web.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web do
@@ -23,15 +23,40 @@ defmodule Pleroma.Web do
def controller do
quote do
use Phoenix.Controller, namespace: Pleroma.Web
+
import Plug.Conn
import Pleroma.Web.Gettext
import Pleroma.Web.Router.Helpers
+ import Pleroma.Web.TranslationHelpers
+
+ alias Pleroma.Plugs.PlugHelper
plug(:set_put_layout)
defp set_put_layout(conn, _) do
put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
end
+
+ # Marks a plug as intentionally skipped
+ # (states that the plug is not called for a good reason, not by a mistake)
+ defp skip_plug(conn, plug_module) do
+ PlugHelper.append_to_skipped_plugs(conn, plug_module)
+ end
+
+ # Here we can apply before-action hooks (e.g. verify whether auth checks were preformed)
+ defp action(conn, params) do
+ if conn.private[:auth_expected] &&
+ not PlugHelper.plug_called_or_skipped?(conn, Pleroma.Plugs.OAuthScopesPlug) do
+ conn
+ |> render_error(
+ :forbidden,
+ "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
+ )
+ |> halt()
+ else
+ super(conn, params)
+ end
+ end
end
end
@@ -56,10 +81,10 @@ defmodule Pleroma.Web do
rescue
error ->
Logger.error(
- "#{__MODULE__} failed to render #{inspect({view, template})}: #{inspect(error)}"
+ "#{__MODULE__} failed to render #{inspect({view, template})}\n" <>
+ Exception.format(:error, error, __STACKTRACE__)
)
- Logger.error(inspect(__STACKTRACE__))
nil
end