X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmasto_fe_controller.ex;h=d2460f51d9edd3da336df33c11f123367e1800c0;hb=45b7325b9ef8110b424df3541b321c9a220f886c;hp=08f92d55fb097f2fcf9a78424a360b1cd1cdfd15;hpb=049ece1ef38f1aeb656a88ed1d15bf3d4a364e01;p=akkoma

diff --git a/lib/pleroma/web/masto_fe_controller.ex b/lib/pleroma/web/masto_fe_controller.ex
index 08f92d55f..d2460f51d 100644
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@@ -1,18 +1,19 @@
 # Pleroma: A lightweight social networking server
-# Copyright Â© 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright Â© 2017-2021 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastoFEController do
   use Pleroma.Web, :controller
 
   alias Pleroma.User
-  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.MastodonAPI.AuthController
+  alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
 
   # Note: :index action handles attempt of unauthenticated access to private instance with redirect
-  plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action == :index)
+  plug(:skip_public_check when action == :index)
 
   plug(
     OAuthScopesPlug,
@@ -20,33 +21,30 @@ defmodule Pleroma.Web.MastoFEController do
     when action == :index
   )
 
-  plug(
-    :skip_plug,
-    [OAuthScopesPlug, EnsurePublicOrAuthenticatedPlug] when action == :manifest
-  )
+  plug(:skip_auth when action == :manifest)
 
   @doc "GET /web/*path"
-  def index(%{assigns: %{user: user, token: token}} = conn, _params)
-      when not is_nil(user) and not is_nil(token) do
-    conn
-    |> put_layout(false)
-    |> render("index.html",
-      token: token.token,
-      user: user,
-      custom_emojis: Pleroma.Emoji.get_all()
-    )
-  end
-
   def index(conn, _params) do
-    conn
-    |> put_session(:return_to, conn.request_path)
-    |> redirect(to: "/web/login")
+    with %{assigns: %{user: %User{} = user, token: %Token{app_id: token_app_id} = token}} <- conn,
+         {:ok, %{id: ^token_app_id}} <- AuthController.local_mastofe_app() do
+      conn
+      |> put_layout(false)
+      |> render("index.html",
+        token: token.token,
+        user: user,
+        custom_emojis: Pleroma.Emoji.get_all()
+      )
+    else
+      _ ->
+        conn
+        |> put_session(:return_to, conn.request_path)
+        |> redirect(to: "/web/login")
+    end
   end
 
   @doc "GET /web/manifest.json"
   def manifest(conn, _params) do
-    conn
-    |> render("manifest.json")
+    render(conn, "manifest.json")
   end
 
   @doc "PUT /api/web/settings: Backend-obscure settings blob for MastoFE, don't parse/reuse elsewhere"