1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web do
7 A module that keeps using definitions for controllers,
10 This can be used in your application as:
12 use Pleroma.Web, :controller
13 use Pleroma.Web, :view
15 The definitions below will be executed for every view,
16 controller, etc, so keep them short and clean, focused
17 on imports, uses and aliases.
19 Do NOT define functions inside the quoted expressions
23 alias Pleroma.Helpers.AuthHelper
24 alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
25 alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
26 alias Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug
27 alias Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
28 alias Pleroma.Web.Plugs.OAuthScopesPlug
29 alias Pleroma.Web.Plugs.PlugHelper
35 use Phoenix.Controller, namespace: Pleroma.Web
39 import Pleroma.Web.Gettext
40 import Pleroma.Web.Router.Helpers
41 import Pleroma.Web.TranslationHelpers
45 defp set_put_layout(conn, _) do
46 put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
49 # Marks plugs intentionally skipped and blocks their execution if present in plugs chain
50 defp skip_plug(conn, plug_modules) do
55 fn plug_module, conn ->
57 plug_module.skip_plug(conn)
59 UndefinedFunctionError ->
60 raise "`#{plug_module}` is not skippable. Append `use Pleroma.Web, :plug` to its code."
66 # Executed just before actual controller action, invokes before-action hooks (callbacks)
67 defp action(conn, params) do
68 with %{halted: false} = conn <-
69 maybe_drop_authentication_if_oauth_check_ignored(conn),
70 %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn),
71 %{halted: false} = conn <- maybe_perform_authenticated_check(conn),
72 %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do
77 # For non-authenticated API actions, drops auth info if OAuth scopes check was ignored
78 # (neither performed nor explicitly skipped)
79 defp maybe_drop_authentication_if_oauth_check_ignored(conn) do
80 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) and
81 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
82 AuthHelper.drop_auth_info(conn)
88 # Ensures instance is public -or- user is authenticated if such check was scheduled
89 defp maybe_perform_public_or_authenticated_check(conn) do
90 if PlugHelper.plug_called?(conn, ExpectPublicOrAuthenticatedCheckPlug) do
91 EnsurePublicOrAuthenticatedPlug.call(conn, %{})
97 # Ensures user is authenticated if such check was scheduled
98 # Note: runs prior to action even if it was already executed earlier in plug chain
99 # (since OAuthScopesPlug has option of proceeding unauthenticated)
100 defp maybe_perform_authenticated_check(conn) do
101 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) do
102 EnsureAuthenticatedPlug.call(conn, %{})
108 # Halts if authenticated API action neither performs nor explicitly skips OAuth scopes check
109 defp maybe_halt_on_missing_oauth_scopes_check(conn) do
110 if PlugHelper.plug_called?(conn, ExpectAuthenticatedCheckPlug) and
111 not PlugHelper.plug_called_or_skipped?(conn, OAuthScopesPlug) do
115 "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
128 root: "lib/pleroma/web/templates",
129 namespace: Pleroma.Web
131 # Import convenience functions from controllers
132 import Phoenix.Controller, only: [get_csrf_token: 0, get_flash: 2, view_module: 1]
134 import Pleroma.Web.ErrorHelpers
135 import Pleroma.Web.Gettext
136 import Pleroma.Web.Router.Helpers
140 @doc "Same as `render/3` but wrapped in a rescue block"
141 def safe_render(view, template, assigns \\ %{}) do
142 Phoenix.View.render(view, template, assigns)
146 "#{__MODULE__} failed to render #{inspect({view, template})}\n" <>
147 Exception.format(:error, error, __STACKTRACE__)
154 Same as `render_many/4` but wrapped in rescue block.
156 def safe_render_many(collection, view, template, assigns \\ %{}) do
157 Enum.map(collection, fn resource ->
158 as = Map.get(assigns, :as) || view.__resource__
159 assigns = Map.put(assigns, as, resource)
160 safe_render(view, template, assigns)
170 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
172 import Phoenix.Controller
178 # credo:disable-for-next-line Credo.Check.Consistency.MultiAliasImportRequireUse
179 import Phoenix.Channel
180 import Pleroma.Web.Gettext
186 @behaviour Pleroma.Web.Plug
190 Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain.
192 def skip_plug(conn) do
193 PlugHelper.append_to_private_list(
195 PlugHelper.skipped_plugs_list_id(),
202 Before-plug hook that
203 * ensures the plug is not skipped
204 * processes `:if_func` / `:unless_func` functional pre-run conditions
205 * adds plug to the list of called plugs and calls `perform/2` if checks are passed
207 Note: multiple invocations of the same plug (with different or same options) are allowed.
209 def call(%Plug.Conn{} = conn, options) do
210 if PlugHelper.plug_skipped?(conn, __MODULE__) ||
211 (options[:if_func] && !options[:if_func].(conn)) ||
212 (options[:unless_func] && options[:unless_func].(conn)) do
216 PlugHelper.append_to_private_list(
218 PlugHelper.called_plugs_list_id(),
222 apply(__MODULE__, :perform, [conn, options])
229 When used, dispatch to the appropriate controller/view/etc.
231 defmacro __using__(which) when is_atom(which) do
232 apply(__MODULE__, which, [])
236 Pleroma.Web.Endpoint.url()
239 def get_api_routes do
240 Pleroma.Web.Router.__routes__()
243 r.plug == Pleroma.Web.Fallback.RedirectController or
244 String.starts_with?(r.path, "/#{@mix_env}")
248 |> String.split("/", trim: true)