X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fweb.ex;h=ae7c94640f83065a91f3cc3e7a68d9540c879845;hb=24f760c2f732465151655fd4cd69cc149546b29f;hp=bfb6c728784055ab925799f1ef7f84de7aa0ee76;hpb=90986667cedb20b316ae4e160729d78d692d0c0e;p=akkoma
diff --git a/lib/pleroma/web/web.ex b/lib/pleroma/web/web.ex
index bfb6c7287..ae7c94640 100644
--- a/lib/pleroma/web/web.ex
+++ b/lib/pleroma/web/web.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web do
@@ -29,11 +29,40 @@ defmodule Pleroma.Web do
import Pleroma.Web.Router.Helpers
import Pleroma.Web.TranslationHelpers
+ alias Pleroma.Plugs.PlugHelper
+
plug(:set_put_layout)
defp set_put_layout(conn, _) do
put_layout(conn, Pleroma.Config.get(:app_layout, "app.html"))
end
+
+ # Marks a plug intentionally skipped and blocks its execution if it's present in plugs chain
+ defp skip_plug(conn, plug_module) do
+ try do
+ plug_module.ensure_skippable()
+ rescue
+ UndefinedFunctionError ->
+ raise "#{plug_module} is not skippable. Append `use Pleroma.Web, :plug` to its code."
+ end
+
+ PlugHelper.append_to_skipped_plugs(conn, plug_module)
+ end
+
+ # Here we can apply before-action hooks (e.g. verify whether auth checks were preformed)
+ defp action(conn, params) do
+ if Pleroma.Plugs.AuthExpectedPlug.auth_expected?(conn) &&
+ not PlugHelper.plug_called_or_skipped?(conn, Pleroma.Plugs.OAuthScopesPlug) do
+ conn
+ |> render_error(
+ :forbidden,
+ "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
+ )
+ |> halt()
+ else
+ super(conn, params)
+ end
+ end
end
end
@@ -66,23 +95,9 @@ defmodule Pleroma.Web do
end
@doc """
- Same as `render_many/4` but wrapped in rescue block and parallelized (unless disabled by passing false as a fifth argument).
+ Same as `render_many/4` but wrapped in rescue block.
"""
- def safe_render_many(collection, view, template, assigns \\ %{}, parallel \\ true)
-
- def safe_render_many(collection, view, template, assigns, true) do
- Enum.map(collection, fn resource ->
- Task.async(fn ->
- as = Map.get(assigns, :as) || view.__resource__
- assigns = Map.put(assigns, as, resource)
- safe_render(view, template, assigns)
- end)
- end)
- |> Enum.map(&Task.await(&1, :infinity))
- |> Enum.filter(& &1)
- end
-
- def safe_render_many(collection, view, template, assigns, false) do
+ def safe_render_many(collection, view, template, assigns \\ %{}) do
Enum.map(collection, fn resource ->
as = Map.get(assigns, :as) || view.__resource__
assigns = Map.put(assigns, as, resource)
@@ -110,6 +125,26 @@ defmodule Pleroma.Web do
end
end
+ def plug do
+ quote do
+ alias Pleroma.Plugs.PlugHelper
+
+ def ensure_skippable, do: :noop
+
+ @impl Plug
+ @doc "If marked as skipped, returns `conn`, and calls `perform/2` otherwise."
+ def call(%Plug.Conn{} = conn, options) do
+ if PlugHelper.plug_skipped?(conn, __MODULE__) do
+ conn
+ else
+ conn
+ |> PlugHelper.append_to_called_plugs(__MODULE__)
+ |> perform(options)
+ end
+ end
+ end
+ end
+
@doc """
When used, dispatch to the appropriate controller/view/etc.
"""