logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma

admin_secret_authentication_plug.ex (1348B)

    

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do

  6.   import Plug.Conn

  7. 

  8.   alias Pleroma.Plugs.OAuthScopesPlug

  9.   alias Pleroma.Plugs.RateLimiter

  10.   alias Pleroma.User

  11. 

  12.   def init(options) do

  13.     options

  14.   end

  15. 

  16.   def secret_token do

  17.     case Pleroma.Config.get(:admin_token) do

  18.       blank when blank in [nil, ""] -> nil

  19.       token -> token

  20.     end

  21.   end

  22. 

  23.   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn

  24. 

  25.   def call(conn, _) do

  26.     if secret_token() do

  27.       authenticate(conn)

  28.     else

  29.       conn

  30.     end

  31.   end

  32. 

  33.   def authenticate(%{params: %{"admin_token" => admin_token}} = conn) do

  34.     if admin_token == secret_token() do

  35.       assign_admin_user(conn)

  36.     else

  37.       handle_bad_token(conn)

  38.     end

  39.   end

  40. 

  41.   def authenticate(conn) do

  42.     token = secret_token()

  43. 

  44.     case get_req_header(conn, "x-admin-token") do

  45.       blank when blank in [[], [""]] -> conn

  46.       [^token] -> assign_admin_user(conn)

  47.       _ -> handle_bad_token(conn)

  48.     end

  49.   end

  50. 

  51.   defp assign_admin_user(conn) do

  52.     conn

  53.     |> assign(:user, %User{is_admin: true})

  54.     |> OAuthScopesPlug.skip_plug()

  55.   end

  56. 

  57.   defp handle_bad_token(conn) do

  58.     RateLimiter.call(conn, name: :authentication)

  59.   end

  60. end