MastoAPI Streaming: Keep compatibility with access_token

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3dbbd822579e1266c2a1e78f8b03b81c8316cafa..408085335ff2cc3782be923f87097f180fb1e856 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)
 - Admin API: Return users' tags when querying reports
 - Admin API: Return avatar and display name when querying users
 - Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)
 - Admin API: Return users' tags when querying reports
 - Admin API: Return avatar and display name when querying users

+- Mastodon API, streaming: Add support for passing the token in the `Sec-WebSocket-Protocol` header

 
 ### Fixed
 - Not being able to pin unlisted posts
 
 ### Fixed
 - Not being able to pin unlisted posts

diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex
index db6ae23b05264d68e1339c1d39a0f5bb6a8cfa23..dbd3542eadcc57929addcbbad7f682fa95d34d2d 100644 (file)
--- a/lib/pleroma/web/mastodon_api/websocket_handler.ex
+++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex
@@ -29,9 +29,10 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
 
   def init(%{qs: qs} = req, state) do
     with params <- :cow_qs.parse_qs(qs),
 
   def init(%{qs: qs} = req, state) do
     with params <- :cow_qs.parse_qs(qs),

-         access_token <- :cowboy_req.header("sec-websocket-protocol", req, 0),
+         sec_websocket <- :cowboy_req.header("sec-websocket-protocol", req, nil),
+         access_token <- List.keyfind(params, "access_token", 0),

          {_, stream} <- List.keyfind(params, "stream", 0),
          {_, stream} <- List.keyfind(params, "stream", 0),

-         {:ok, user} <- allow_request(stream, access_token),
+         {:ok, user} <- allow_request(stream, [access_token, sec_websocket]),

          topic when is_binary(topic) <- expand_topic(stream, params) do
       {:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}}
     else
          topic when is_binary(topic) <- expand_topic(stream, params) do
       {:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}}
     else


@@ -84,13 +85,21 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
   end
 
   # Public streams without authentication.
   end
 
   # Public streams without authentication.

-  defp allow_request(stream, nil) when stream in @anonymous_streams do
+  defp allow_request(stream, [nil, nil]) when stream in @anonymous_streams do

     {:ok, nil}
   end
 
   # Authenticated streams.
     {:ok, nil}
   end
 
   # Authenticated streams.

-  defp allow_request(stream, access_token) when stream in @streams do
-    with %Token{user_id: user_id} <- Repo.get_by(Token, token: access_token),
+  defp allow_request(stream, [access_token, sec_websocket]) when stream in @streams do
+    token =
+      with {"access_token", token} <- access_token do
+        token
+      else
+        _ -> sec_websocket
+      end
+
+    with true <- is_bitstring(token),
+         %Token{user_id: user_id} <- Repo.get_by(Token, token: token),

          user = %User{} <- User.get_cached_by_id(user_id) do
       {:ok, user}
     else
          user = %User{} <- User.get_cached_by_id(user_id) do
       {:ok, user}
     else