Attempt to filter out API calls from FrontendStatic plug

This commit is contained in:
Mark Felder 2021-02-24 15:23:45 -06:00
parent 6b6791f911
commit cea31df6a6
2 changed files with 23 additions and 2 deletions

View File

@ -63,7 +63,8 @@ defp skip_plug(conn, plug_modules) do
# Executed just before actual controller action, invokes before-action hooks (callbacks) # Executed just before actual controller action, invokes before-action hooks (callbacks)
defp action(conn, params) do defp action(conn, params) do
with %{halted: false} = conn <- maybe_drop_authentication_if_oauth_check_ignored(conn), with %{halted: false} = conn <-
maybe_drop_authentication_if_oauth_check_ignored(conn),
%{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn), %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn),
%{halted: false} = conn <- maybe_perform_authenticated_check(conn), %{halted: false} = conn <- maybe_perform_authenticated_check(conn),
%{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do
@ -232,4 +233,15 @@ defmacro __using__(which) when is_atom(which) do
def base_url do def base_url do
Pleroma.Web.Endpoint.url() Pleroma.Web.Endpoint.url()
end end
def get_api_routes do
Pleroma.Web.Router.__routes__()
|> Stream.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)
|> Enum.map(fn r ->
r.path
|> String.split("/", trim: true)
|> List.first()
end)
|> Enum.uniq()
end
end end

View File

@ -10,6 +10,8 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
""" """
@behaviour Plug @behaviour Plug
@api_routes Pleroma.Web.get_api_routes()
def file_path(path, frontend_type \\ :primary) do def file_path(path, frontend_type \\ :primary) do
if configuration = Pleroma.Config.get([:frontends, frontend_type]) do if configuration = Pleroma.Config.get([:frontends, frontend_type]) do
instance_static_path = Pleroma.Config.get([:instance, :static_dir], "instance/static") instance_static_path = Pleroma.Config.get([:instance, :static_dir], "instance/static")
@ -34,7 +36,8 @@ def init(opts) do
end end
def call(conn, opts) do def call(conn, opts) do
with false <- invalid_path?(conn.path_info), with false <- api_route?(conn.path_info),
false <- invalid_path?(conn.path_info),
frontend_type <- Map.get(opts, :frontend_type, :primary), frontend_type <- Map.get(opts, :frontend_type, :primary),
path when not is_nil(path) <- file_path("", frontend_type) do path when not is_nil(path) <- file_path("", frontend_type) do
call_static(conn, opts, path) call_static(conn, opts, path)
@ -52,6 +55,12 @@ defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true
defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t) defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t)
defp invalid_path?([], _match), do: false defp invalid_path?([], _match), do: false
defp api_route?(list) when is_list(list) and length(list) > 0 do
List.first(list) in @api_routes
end
defp api_route?(_), do: false
defp call_static(conn, opts, from) do defp call_static(conn, opts, from) do
opts = Map.put(opts, :from, from) opts = Map.put(opts, :from, from)
Plug.Static.call(conn, opts) Plug.Static.call(conn, opts)