X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fweb.ex;h=1af29ce788bcdadffb18871f372e1e76c256c252;hb=fc81e5a49c34224e07e85f490a30f92db0835d45;hp=ee7ee78e9c1f565cc80d641dee9a31423bfa0e8f;hpb=8141024259ee4bebd58d6ecd963f181aad420846;p=akkoma diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex index ee7ee78e9..1af29ce78 100644 --- a/lib/pleroma/web/web.ex +++ b/lib/pleroma/web/web.ex @@ -1,3 +1,7 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web do @moduledoc """ A module that keeps using definitions for controllers, 
@@ -19,29 +23,89 @@ defmodule Pleroma.Web do def controller do quote do use Phoenix.Controller, namespace: Pleroma.Web + import Plug.Conn - import Pleroma.Web.Router.Helpers import Pleroma.Web.Gettext + import Pleroma.Web.Router.Helpers + import Pleroma.Web.TranslationHelpers + + alias Pleroma.Plugs.PlugHelper + + plug(:set_put_layout) + + defp set_put_layout(conn, _) do + put_layout(conn, Pleroma.Config.get(:app_layout, "app.html")) + end + + # Marks a plug as intentionally skipped + # (states that the plug is not called for a good reason, not by a mistake) + defp skip_plug(conn, plug_module) do + PlugHelper.append_to_skipped_plugs(conn, plug_module) + end + + # Here we can apply before-action hooks (e.g. verify whether auth checks were preformed) + defp action(conn, params) do + if conn.private[:auth_expected] && + not PlugHelper.plug_called_or_skipped?(conn, Pleroma.Plugs.OAuthScopesPlug) do + conn + |> render_error( + :forbidden, + "Security violation: OAuth scopes check was neither handled nor explicitly skipped." + ) + |> halt() + else + super(conn, params) + end + end end end def view do quote do - use Phoenix.View, root: "lib/pleroma/web/templates", - namespace: Pleroma.Web + use Phoenix.View, + root: "lib/pleroma/web/templates", + namespace: Pleroma.Web # Import convenience functions from controllers import Phoenix.Controller, only: [get_csrf_token: 0, get_flash: 2, view_module: 1] - import Pleroma.Web.Router.Helpers import Pleroma.Web.ErrorHelpers import Pleroma.Web.Gettext + import Pleroma.Web.Router.Helpers + + require Logger + + @doc "Same as `render/3` but wrapped in a rescue block" + def safe_render(view, template, assigns \\ %{}) do + Phoenix.View.render(view, template, assigns) + rescue + error -> + Logger.error( + "#{__MODULE__} failed to render #{inspect({view, template})}\n" <> + Exception.format(:error, error, __STACKTRACE__) + ) + + nil + end + + @doc """ + Same as `render_many/4` but wrapped in rescue block. 
+ """ + def safe_render_many(collection, view, template, assigns \\ %{}) do + Enum.map(collection, fn resource -> + as = Map.get(assigns, :as) || view.__resource__ + assigns = Map.put(assigns, as, resource) + safe_render(view, template, assigns) + end) + |> Enum.filter(& &1) + end end end def router do quote do use Phoenix.Router + # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse import Plug.Conn import Phoenix.Controller end @@ -49,6 +113,7 @@ defmodule Pleroma.Web do def channel do quote do + # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse use Phoenix.Channel import Pleroma.Web.Gettext end @@ -62,6 +127,6 @@ defmodule Pleroma.Web do end def base_url do - Pleroma.Web.Endpoint.url + Pleroma.Web.Endpoint.url() end end
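Review bot: The `action/2` override in the `controller` quote enforces the OAuth scopes check only when `conn.private[:auth_expected]` is truthy, so the guard is opt-in: a request arriving through a pipeline that never sets that key goes to `super(conn, params)` even if `OAuthScopesPlug` was neither called nor skipped. Where `:auth_expected` is set is not visible in this hunk, so it cannot be confirmed from here that every authenticated route is covered. I would state the invariant next to the hook, e.g. `# Enforced only when conn.private[:auth_expected] is set; pipelines that do not set it are not covered by this check.`, and correct "preformed" to "performed" in the existing comment. Because `skip_plug/2` is injected into every controller and waives the check, a test that enumerates the controllers calling it would keep those exemptions reviewable.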