spc-pleroma/lib/pleroma/web/plugs/admin_secret_authentication...

61 lines
1.3 KiB
Elixir

# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlug do
import Plug.Conn
alias Pleroma.Helpers.AuthHelper
alias Pleroma.User
alias Pleroma.Web.Plugs.RateLimiter
def init(options) do
options
end
def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
def call(conn, _) do
if secret_token() do
authenticate(conn)
else
conn
end
end
defp authenticate(%{params: %{"admin_token" => admin_token}} = conn) do
if admin_token == secret_token() do
assign_admin_user(conn)
else
handle_bad_token(conn)
end
end
defp authenticate(conn) do
token = secret_token()
case get_req_header(conn, "x-admin-token") do
blank when blank in [[], [""]] -> conn
[^token] -> assign_admin_user(conn)
_ -> handle_bad_token(conn)
end
end
defp secret_token do
case Pleroma.Config.get(:admin_token) do
blank when blank in [nil, ""] -> nil
token -> token
end
end
defp assign_admin_user(conn) do
conn
|> assign(:user, %User{is_admin: true})
|> AuthHelper.skip_oauth()
end
defp handle_bad_token(conn) do
RateLimiter.call(conn, name: :authentication)
end
end