logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

admin_secret_authentication_plug.ex (1352B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlug do
  6.   import Plug.Conn
  8.   alias Pleroma.Helpers.AuthHelper
  9.   alias Pleroma.User
  10.   alias Pleroma.Web.Plugs.RateLimiter
  12.   def init(options) do
  13.     options
  14.   end
  16.   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
  18.   def call(conn, _) do
  19.     if secret_token() do
  20.       authenticate(conn)
  21.     else
  22.       conn
  23.     end
  24.   end
  26.   defp authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
  27.     if admin_token == secret_token() do
  28.       assign_admin_user(conn)
  29.     else
  30.       handle_bad_token(conn)
  31.     end
  32.   end
  34.   defp authenticate(conn) do
  35.     token = secret_token()
  37.     case get_req_header(conn, "x-admin-token") do
  38.       blank when blank in [[], [""]] -> conn
  39.       [^token] -> assign_admin_user(conn)
  40.       _ -> handle_bad_token(conn)
  41.     end
  42.   end
  44.   defp secret_token do
  45.     case Pleroma.Config.get(:admin_token) do
  46.       blank when blank in [nil, ""] -> nil
  47.       token -> token
  48.     end
  49.   end
  51.   defp assign_admin_user(conn) do
  52.     conn
  53.     |> assign(:user, %User{is_admin: true})
  54.     |> AuthHelper.skip_oauth()
  55.   end
  57.   defp handle_bad_token(conn) do
  58.     RateLimiter.call(conn, name: :authentication)
  59.   end
  60. end