2018-12-23 20:04:54 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2023-01-01 11:11:47 +00:00
|
|
|
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 20:04:54 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2020-06-24 08:18:42 +00:00
|
|
|
defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlug do
|
2018-12-18 20:08:52 +00:00
|
|
|
import Plug.Conn
|
2020-07-19 18:35:57 +00:00
|
|
|
|
2020-10-31 10:38:35 +00:00
|
|
|
alias Pleroma.Helpers.AuthHelper
|
2020-07-14 08:58:41 +00:00
|
|
|
alias Pleroma.User
|
2020-08-16 17:28:31 +00:00
|
|
|
alias Pleroma.Web.Plugs.RateLimiter
|
2018-12-18 20:08:52 +00:00
|
|
|
|
|
|
|
def init(options) do
|
|
|
|
options
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
|
|
|
|
|
2019-11-19 08:58:20 +00:00
|
|
|
def call(conn, _) do
|
|
|
|
if secret_token() do
|
|
|
|
authenticate(conn)
|
|
|
|
else
|
2018-12-18 20:08:52 +00:00
|
|
|
conn
|
2019-11-19 08:58:20 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-12-06 10:59:10 +00:00
|
|
|
defp authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
|
2019-11-19 08:58:20 +00:00
|
|
|
if admin_token == secret_token() do
|
2020-07-19 18:35:57 +00:00
|
|
|
assign_admin_user(conn)
|
2018-12-18 20:08:52 +00:00
|
|
|
else
|
2020-07-14 08:58:41 +00:00
|
|
|
handle_bad_token(conn)
|
2018-12-18 20:08:52 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-12-06 10:59:10 +00:00
|
|
|
defp authenticate(conn) do
|
2019-11-19 08:58:20 +00:00
|
|
|
token = secret_token()
|
|
|
|
|
|
|
|
case get_req_header(conn, "x-admin-token") do
|
2020-07-14 08:58:41 +00:00
|
|
|
blank when blank in [[], [""]] -> conn
|
2020-07-19 18:35:57 +00:00
|
|
|
[^token] -> assign_admin_user(conn)
|
2020-07-14 08:58:41 +00:00
|
|
|
_ -> handle_bad_token(conn)
|
2019-11-19 08:58:20 +00:00
|
|
|
end
|
|
|
|
end
|
2020-07-19 18:35:57 +00:00
|
|
|
|
2020-12-06 10:59:10 +00:00
|
|
|
defp secret_token do
|
|
|
|
case Pleroma.Config.get(:admin_token) do
|
|
|
|
blank when blank in [nil, ""] -> nil
|
|
|
|
token -> token
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-07-19 18:35:57 +00:00
|
|
|
defp assign_admin_user(conn) do
|
|
|
|
conn
|
|
|
|
|> assign(:user, %User{is_admin: true})
|
2020-10-31 10:38:35 +00:00
|
|
|
|> AuthHelper.skip_oauth()
|
2020-07-19 18:35:57 +00:00
|
|
|
end
|
2020-07-14 08:58:41 +00:00
|
|
|
|
|
|
|
defp handle_bad_token(conn) do
|
|
|
|
RateLimiter.call(conn, name: :authentication)
|
|
|
|
end
|
2018-12-18 20:08:52 +00:00
|
|
|
end
|