Merge branch 'develop' into refactor/locked_user_field

lib/credo/check/consistency/file_location.ex

@@ -0,0 +1,166 @@
+# Pleroma: A lightweight social networking server
+# Originally taken from
+# https://github.com/VeryBigThings/elixir_common/blob/master/lib/vbt/credo/check/consistency/file_location.ex
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Credo.Check.Consistency.FileLocation do
+  @moduledoc false
+
+  # credo:disable-for-this-file Credo.Check.Readability.Specs
+
+  @checkdoc """
+  File location should follow the namespace hierarchy of the module it defines.
+
+  Examples:
+
+      - `lib/my_system.ex` should define the `MySystem` module
+      - `lib/my_system/accounts.ex` should define the `MySystem.Accounts` module
+  """
+  @explanation [warning: @checkdoc]
+
+  @special_namespaces [
+    "controllers",
+    "views",
+    "operations",
+    "channels"
+  ]
+
+  # `use Credo.Check` required that module attributes are already defined, so we need
+  # to place these attributes
+  # before use/alias expressions.
+  # credo:disable-for-next-line VBT.Credo.Check.Consistency.ModuleLayout
+  use Credo.Check, category: :warning, base_priority: :high
+
+  alias Credo.Code
+
+  def run(source_file, params \\ []) do
+    case verify(source_file, params) do
+      :ok ->
+        []
+
+      {:error, module, expected_file} ->
+        error(IssueMeta.for(source_file, params), module, expected_file)
+    end
+  end
+
+  defp verify(source_file, params) do
+    source_file.filename
+    |> Path.relative_to_cwd()
+    |> verify(Code.ast(source_file), params)
+  end
+
+  @doc false
+  def verify(relative_path, ast, params) do
+    if verify_path?(relative_path, params),
+      do: ast |> main_module() |> verify_module(relative_path, params),
+      else: :ok
+  end
+
+  defp verify_path?(relative_path, params) do
+    case Path.split(relative_path) do
+      ["lib" | _] -> not exclude?(relative_path, params)
+      ["test", "support" | _] -> false
+      ["test", "test_helper.exs"] -> false
+      ["test" | _] -> not exclude?(relative_path, params)
+      _ -> false
+    end
+  end
+
+  defp exclude?(relative_path, params) do
+    params
+    |> Keyword.get(:exclude, [])
+    |> Enum.any?(&String.starts_with?(relative_path, &1))
+  end
+
+  defp main_module(ast) do
+    {_ast, modules} = Macro.prewalk(ast, [], &traverse/2)
+    Enum.at(modules, -1)
+  end
+
+  defp traverse({:defmodule, _meta, args}, modules) do
+    [{:__aliases__, _, name_parts}, _module_body] = args
+    {args, [Module.concat(name_parts) | modules]}
+  end
+
+  defp traverse(ast, state), do: {ast, state}
+
+  # empty file - shouldn't really happen, but we'll let it through
+  defp verify_module(nil, _relative_path, _params), do: :ok
+
+  defp verify_module(main_module, relative_path, params) do
+    parsed_path = parsed_path(relative_path, params)
+
+    expected_file =
+      expected_file_base(parsed_path.root, main_module) <>
+        Path.extname(parsed_path.allowed)
+
+    cond do
+      expected_file == parsed_path.allowed ->
+        :ok
+
+      special_namespaces?(parsed_path.allowed) ->
+        original_path = parsed_path.allowed
+
+        namespace =
+          Enum.find(@special_namespaces, original_path, fn namespace ->
+            String.contains?(original_path, namespace)
+          end)
+
+        allowed = String.replace(original_path, "/" <> namespace, "")
+
+        if expected_file == allowed,
+          do: :ok,
+          else: {:error, main_module, expected_file}
+
+      true ->
+        {:error, main_module, expected_file}
+    end
+  end
+
+  defp special_namespaces?(path), do: String.contains?(path, @special_namespaces)
+
+  defp parsed_path(relative_path, params) do
+    parts = Path.split(relative_path)
+
+    allowed =
+      Keyword.get(params, :ignore_folder_namespace, %{})
+      |> Stream.flat_map(fn {root, folders} -> Enum.map(folders, &Path.join([root, &1])) end)
+      |> Stream.map(&Path.split/1)
+      |> Enum.find(&List.starts_with?(parts, &1))
+      |> case do
+        nil ->
+          relative_path
+
+        ignore_parts ->
+          Stream.drop(ignore_parts, -1)
+          |> Enum.concat(Stream.drop(parts, length(ignore_parts)))
+          |> Path.join()
+      end
+
+    %{root: hd(parts), allowed: allowed}
+  end
+
+  defp expected_file_base(root_folder, module) do
+    {parent_namespace, module_name} = module |> Module.split() |> Enum.split(-1)
+
+    relative_path =
+      if parent_namespace == [],
+        do: "",
+        else: parent_namespace |> Module.concat() |> Macro.underscore()
+
+    file_name = module_name |> Module.concat() |> Macro.underscore()
+
+    Path.join([root_folder, relative_path, file_name])
+  end
+
+  defp error(issue_meta, module, expected_file) do
+    format_issue(issue_meta,
+      message:
+        "Mismatch between file name and main module #{inspect(module)}. " <>
+          "Expected file path to be #{expected_file}. " <>
+          "Either move the file or rename the module.",
+      line_no: 1
+    )
+  end
+end

lib/pleroma/application.ex

@@ -52,7 +52,7 @@ defmodule Pleroma.Application do
     Pleroma.HTML.compile_scrubbers()
     Pleroma.Config.Oban.warn()
     Config.DeprecationWarnings.warn()
-    Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled()
+    Pleroma.Web.Plugs.HTTPSecurityPlug.warn_if_disabled()
     Pleroma.ApplicationRequirements.verify!()
     setup_instrumenters()
     load_custom_modules()
@@ -88,7 +88,7 @@ defmodule Pleroma.Application do
         Pleroma.Repo,
         Config.TransferTask,
         Pleroma.Emoji,
-        Pleroma.Plugs.RateLimiter.Supervisor
+        Pleroma.Web.Plugs.RateLimiter.Supervisor
       ] ++
         cachex_children() ++
         http_children(adapter, @env) ++

lib/pleroma/bbs/authenticator.ex

@@ -4,8 +4,8 @@
 
 defmodule Pleroma.BBS.Authenticator do
   use Sshd.PasswordAuthenticator
-  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.AuthenticationPlug
 
   def authenticate(username, password) do
     username = to_string(username)

lib/pleroma/config/deprecation_warnings.ex

@@ -39,7 +39,8 @@ defmodule Pleroma.Config.DeprecationWarnings do
          :ok <- check_media_proxy_whitelist_config(),
          :ok <- check_welcome_message_config(),
          :ok <- check_gun_pool_options(),
-         :ok <- check_activity_expiration_config() do
+         :ok <- check_activity_expiration_config(),
+         :ok <- check_remote_ip_plug_name() do
       :ok
     else
       _ ->
@@ -176,4 +177,20 @@ defmodule Pleroma.Config.DeprecationWarnings do
       warning_preface
     )
   end
+
+  @spec check_remote_ip_plug_name() :: :ok | nil
+  def check_remote_ip_plug_name do
+    warning_preface = """
+    !!!DEPRECATION WARNING!!!
+    Your config is using old namespace for RemoteIp Plug. Setting should work for now, but you are advised to change to new namespace to prevent possible issues later:
+    """
+
+    move_namespace_and_warn(
+      [
+        {Pleroma.Plugs.RemoteIp, Pleroma.Web.Plugs.RemoteIp,
+         "\n* `config :pleroma, Pleroma.Plugs.RemoteIp` is now `config :pleroma, Pleroma.Web.Plugs.RemoteIp`"}
+      ],
+      warning_preface
+    )
+  end
 end

lib/pleroma/tests/auth_test_controller.ex

@@ -8,9 +8,9 @@ defmodule Pleroma.Tests.AuthTestController do
 
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   # Serves only with proper OAuth token (:api and :authenticated_api)
   # Skipping EnsurePublicOrAuthenticatedPlug has no effect in this case

lib/pleroma/uploaders/uploader.ex

@@ -12,7 +12,7 @@ defmodule Pleroma.Uploaders.Uploader do
   @doc """
   Instructs how to get the file from the backend.
 
-  Used by `Pleroma.Plugs.UploadedMedia`.
+  Used by `Pleroma.Web.Plugs.UploadedMedia`.
   """
   @type get_method :: {:static_dir, directory :: String.t()} | {:url, url :: String.t()}
   @callback get_file(file :: String.t()) :: {:ok, get_method()}

lib/pleroma/web.ex

@@ -2,11 +2,6 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Web.Plug do
-  # Substitute for `call/2` which is defined with `use Pleroma.Web, :plug`
-  @callback perform(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
-end
-
 defmodule Pleroma.Web do
   @moduledoc """
   A module that keeps using definitions for controllers,
@@ -25,12 +20,12 @@ defmodule Pleroma.Web do
   below.
   """
 
-  alias Pleroma.Plugs.EnsureAuthenticatedPlug
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.ExpectAuthenticatedCheckPlug
-  alias Pleroma.Plugs.ExpectPublicOrAuthenticatedCheckPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.PlugHelper
+  alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.ExpectAuthenticatedCheckPlug
+  alias Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.PlugHelper
 
   def controller do
     quote do

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -9,7 +9,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   alias Pleroma.Delivery
   alias Pleroma.Object
   alias Pleroma.Object.Fetcher
-  alias Pleroma.Plugs.EnsureAuthenticatedPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Builder
@@ -23,8 +22,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.ControllerHelper
   alias Pleroma.Web.Endpoint
-  alias Pleroma.Web.FederatingPlug
   alias Pleroma.Web.Federator
+  alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
+  alias Pleroma.Web.Plugs.FederatingPlug
 
   require Logger
 
@@ -46,7 +46,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
   )
 
   plug(
-    Pleroma.Plugs.Cache,
+    Pleroma.Web.Plugs.Cache,
     [query_params: false, tracking_fun: &__MODULE__.track_object_fetch/2]
     when action in [:activity, :object]
   )

lib/pleroma/web/admin_api/controllers/admin_api_controller.ex

@@ -10,7 +10,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   alias Pleroma.Config
   alias Pleroma.MFA
   alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Stats
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
@@ -21,6 +20,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   alias Pleroma.Web.AdminAPI.ModerationLogView
   alias Pleroma.Web.AdminAPI.Search
   alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
   alias Pleroma.Web.Router
 
   @users_page_size 50

lib/pleroma/web/admin_api/controllers/chat_controller.ex

@@ -10,10 +10,10 @@ defmodule Pleroma.Web.AdminAPI.ChatController do
   alias Pleroma.Chat.MessageReference
   alias Pleroma.ModerationLog
   alias Pleroma.Pagination
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.AdminAPI
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/admin_api/controllers/config_controller.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do
 
   alias Pleroma.Config
   alias Pleroma.ConfigDB
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action == :update)

lib/pleroma/web/admin_api/controllers/instance_document_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.InstanceStatic
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.InstanceDocument
+  alias Pleroma.Web.Plugs.InstanceStatic
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 

lib/pleroma/web/admin_api/controllers/invite_controller.ex

@@ -8,8 +8,8 @@ defmodule Pleroma.Web.AdminAPI.InviteController do
   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
 
   alias Pleroma.Config
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.UserInviteToken
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.ApiSpec.Admin, as: Spec
   alias Pleroma.Web.MediaProxy
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 

lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex

@@ -7,8 +7,8 @@ defmodule Pleroma.Web.AdminAPI.OAuthAppController do
 
   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.OAuth.App
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/admin_api/controllers/relay_controller.ex

@@ -6,8 +6,8 @@ defmodule Pleroma.Web.AdminAPI.RelayController do
   use Pleroma.Web, :controller
 
   alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.ActivityPub.Relay
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/admin_api/controllers/report_controller.ex

@@ -9,12 +9,12 @@ defmodule Pleroma.Web.AdminAPI.ReportController do
 
   alias Pleroma.Activity
   alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.ReportNote
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.AdminAPI
   alias Pleroma.Web.AdminAPI.Report
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/admin_api/controllers/status_controller.ex

@@ -7,10 +7,10 @@ defmodule Pleroma.Web.AdminAPI.StatusController do
 
   alias Pleroma.Activity
   alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   require Logger
 

lib/pleroma/web/auth/pleroma_authenticator.ex

@@ -3,10 +3,10 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.Auth.PleromaAuthenticator do
-  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.Registration
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.AuthenticationPlug
 
   import Pleroma.Web.Auth.Authenticator,
     only: [fetch_credentials: 1, fetch_user: 1]

lib/pleroma/web/auth/totp_authenticator.ex

@@ -5,8 +5,8 @@
 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
   alias Pleroma.MFA
   alias Pleroma.MFA.TOTP
-  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.AuthenticationPlug
 
   @doc "Verify code or check backup code."
   @spec verify(String.t(), User.t()) ::

lib/pleroma/web/common_api/utils.ex

@@ -12,12 +12,12 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   alias Pleroma.Conversation.Participation
   alias Pleroma.Formatter
   alias Pleroma.Object
-  alias Pleroma.Plugs.AuthenticationPlug
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.MediaProxy
+  alias Pleroma.Web.Plugs.AuthenticationPlug
 
   require Logger
   require Pleroma.Constants

lib/pleroma/web/endpoint.ex

@@ -9,17 +9,17 @@ defmodule Pleroma.Web.Endpoint do
 
   socket("/socket", Pleroma.Web.UserSocket)
 
-  plug(Pleroma.Plugs.SetLocalePlug)
+  plug(Pleroma.Web.Plugs.SetLocalePlug)
   plug(CORSPlug)
-  plug(Pleroma.Plugs.HTTPSecurityPlug)
-  plug(Pleroma.Plugs.UploadedMedia)
+  plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
+  plug(Pleroma.Web.Plugs.UploadedMedia)
 
   @static_cache_control "public, no-cache"
 
   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
   # Cache-control headers are duplicated in case we turn off etags in the future
-  plug(Pleroma.Plugs.InstanceStatic,
+  plug(Pleroma.Web.Plugs.InstanceStatic,
     at: "/",
     gzip: true,
     cache_control_for_etags: @static_cache_control,
@@ -29,7 +29,7 @@ defmodule Pleroma.Web.Endpoint do
   )
 
   # Careful! No `only` restriction here, as we don't know what frontends contain.
-  plug(Pleroma.Plugs.FrontendStatic,
+  plug(Pleroma.Web.Plugs.FrontendStatic,
     at: "/",
     frontend_type: :primary,
     gzip: true,
@@ -41,7 +41,7 @@ defmodule Pleroma.Web.Endpoint do
 
   plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
 
-  plug(Pleroma.Plugs.FrontendStatic,
+  plug(Pleroma.Web.Plugs.FrontendStatic,
     at: "/pleroma/admin",
     frontend_type: :admin,
     gzip: true,
@@ -79,7 +79,7 @@ defmodule Pleroma.Web.Endpoint do
     plug(Phoenix.CodeReloader)
   end
 
-  plug(Pleroma.Plugs.TrailingFormatPlug)
+  plug(Pleroma.Web.Plugs.TrailingFormatPlug)
   plug(Plug.RequestId)
   plug(Plug.Logger, log: :debug)
 
@@ -122,7 +122,7 @@ defmodule Pleroma.Web.Endpoint do
     extra: extra
   )
 
-  plug(Pleroma.Plugs.RemoteIp)
+  plug(Pleroma.Web.Plugs.RemoteIp)
 
   defmodule Instrumenter do
     use Prometheus.PhoenixInstrumenter

lib/pleroma/web/fallback/redirect_controller.ex

@@ -2,7 +2,7 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Fallback.RedirectController do
+defmodule Pleroma.Web.Fallback.RedirectController do
   use Pleroma.Web, :controller
 
   require Logger
@@ -75,7 +75,7 @@ defmodule Fallback.RedirectController do
   end
 
   defp index_file_path do
-    Pleroma.Plugs.InstanceStatic.file_path("index.html")
+    Pleroma.Web.Plugs.InstanceStatic.file_path("index.html")
   end
 
   defp build_tags(conn, params) do

lib/pleroma/web/feed/user_controller.ex

@@ -5,27 +5,26 @@
 defmodule Pleroma.Web.Feed.UserController do
   use Pleroma.Web, :controller
 
-  alias Fallback.RedirectController
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.ActivityPubController
   alias Pleroma.Web.Feed.FeedView
 
-  plug(Pleroma.Plugs.SetFormatPlug when action in [:feed_redirect])
+  plug(Pleroma.Web.Plugs.SetFormatPlug when action in [:feed_redirect])
 
   action_fallback(:errors)
 
   def feed_redirect(%{assigns: %{format: "html"}} = conn, %{"nickname" => nickname}) do
     with {_, %User{} = user} <- {:fetch_user, User.get_cached_by_nickname_or_id(nickname)} do
-      RedirectController.redirector_with_meta(conn, %{user: user})
+      Pleroma.Web.Fallback.RedirectController.redirector_with_meta(conn, %{user: user})
     end
   end
 
   def feed_redirect(%{assigns: %{format: format}} = conn, _params)
       when format in ["json", "activity+json"] do
     with %{halted: false} = conn <-
-           Pleroma.Plugs.EnsureAuthenticatedPlug.call(conn,
-             unless_func: &Pleroma.Web.FederatingPlug.federating?/1
+           Pleroma.Web.Plugs.EnsureAuthenticatedPlug.call(conn,
+             unless_func: &Pleroma.Web.Plugs.FederatingPlug.federating?/1
            ) do
       ActivityPubController.call(conn, :user)
     end

lib/pleroma/web/masto_fe_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.MastoFEController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
 

lib/pleroma/web/mastodon_api/controllers/account_controller.ex

@@ -15,9 +15,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
     ]
 
   alias Pleroma.Maps
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Builder
@@ -29,6 +26,9 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
   alias Pleroma.Web.MastodonAPI.StatusView
   alias Pleroma.Web.OAuth.OAuthController
   alias Pleroma.Web.OAuth.OAuthView
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
   alias Pleroma.Web.TwitterAPI.TwitterAPI
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)

lib/pleroma/web/mastodon_api/controllers/app_controller.ex

@@ -5,12 +5,12 @@
 defmodule Pleroma.Web.MastodonAPI.AppController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Repo
   alias Pleroma.Web.OAuth.App
   alias Pleroma.Web.OAuth.Scopes
   alias Pleroma.Web.OAuth.Token
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 

lib/pleroma/web/mastodon_api/controllers/auth_controller.ex

@@ -15,7 +15,7 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
-  plug(Pleroma.Plugs.RateLimiter, [name: :password_reset] when action == :password_reset)
+  plug(Pleroma.Web.Plugs.RateLimiter, [name: :password_reset] when action == :password_reset)
 
   @local_mastodon_name "Mastodon-Local"
 

lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex

@@ -8,8 +8,8 @@ defmodule Pleroma.Web.MastodonAPI.ConversationController do
   import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]
 
   alias Pleroma.Conversation.Participation
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Repo
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 

lib/pleroma/web/mastodon_api/controllers/custom_emoji_controller.ex

@@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.CustomEmojiController do
 
   plug(
     :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug]
     when action == :index
   )
 

lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex

@@ -5,8 +5,8 @@
 defmodule Pleroma.Web.MastodonAPI.DomainBlockController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.DomainBlockOperation

lib/pleroma/web/mastodon_api/controllers/filter_controller.ex

@@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.FilterController do
   use Pleroma.Web, :controller
 
   alias Pleroma.Filter
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   @oauth_read_actions [:show, :index]
 

lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(:put_view, Pleroma.Web.MastodonAPI.AccountView)
   plug(Pleroma.Web.ApiSpec.CastAndValidate)

lib/pleroma/web/mastodon_api/controllers/instance_controller.ex

@@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceController do
 
   plug(
     :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug]
     when action in [:show, :peers]
   )
 

lib/pleroma/web/mastodon_api/controllers/list_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.MastodonAPI.ListController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.MastodonAPI.AccountView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   @oauth_read_actions [:index, :show, :list_accounts]
 

lib/pleroma/web/mastodon_api/controllers/marker_controller.ex

@@ -4,7 +4,7 @@
 
 defmodule Pleroma.Web.MastodonAPI.MarkerController do
   use Pleroma.Web, :controller
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 

lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex

@@ -17,7 +17,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
 
   plug(
     :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug]
     when action in [:empty_array, :empty_object]
   )
 

lib/pleroma/web/mastodon_api/controllers/media_controller.ex

@@ -6,9 +6,9 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
   use Pleroma.Web, :controller
 
   alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
   plug(Pleroma.Web.ApiSpec.CastAndValidate)

lib/pleroma/web/mastodon_api/controllers/notification_controller.ex

@@ -8,8 +8,8 @@ defmodule Pleroma.Web.MastodonAPI.NotificationController do
   import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]
 
   alias Pleroma.Notification
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.MastodonAPI.MastodonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   @oauth_read_actions [:show, :index]
 

lib/pleroma/web/mastodon_api/controllers/poll_controller.ex

@@ -9,9 +9,9 @@ defmodule Pleroma.Web.MastodonAPI.PollController do
 
   alias Pleroma.Activity
   alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 

lib/pleroma/web/mastodon_api/controllers/report_controller.ex

@@ -3,14 +3,12 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.MastodonAPI.ReportController do
-  alias Pleroma.Plugs.OAuthScopesPlug
-
   use Pleroma.Web, :controller
 
   action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ReportOperation
 

lib/pleroma/web/mastodon_api/controllers/scheduled_activity_controller.ex

@@ -7,9 +7,9 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityController do
 
   import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.ScheduledActivity
   alias Pleroma.Web.MastodonAPI.MastodonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   @oauth_read_actions [:show, :index]
 

lib/pleroma/web/mastodon_api/controllers/search_controller.ex

@@ -6,14 +6,14 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
   use Pleroma.Web, :controller
 
   alias Pleroma.Activity
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web
   alias Pleroma.Web.ControllerHelper
   alias Pleroma.Web.MastodonAPI.AccountView
   alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   require Logger
 

lib/pleroma/web/mastodon_api/controllers/status_controller.ex

@@ -13,8 +13,6 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
   alias Pleroma.Activity
   alias Pleroma.Bookmark
   alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Repo
   alias Pleroma.ScheduledActivity
   alias Pleroma.User
@@ -23,9 +21,15 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI.AccountView
   alias Pleroma.Web.MastodonAPI.ScheduledActivityView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(:skip_plug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action in [:index, :show])
+
+  plug(
+    :skip_plug,
+    Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug when action in [:index, :show]
+  )
 
   @unauthenticated_access %{fallback: :proceed_unauthenticated, scopes: []}
 

lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex

@@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(:restrict_push_enabled)
-  plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.SubscriptionOperation
 

lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex

@@ -8,7 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionController do
   require Logger
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
 
   def open_api_operation(action) do
     operation = String.to_existing_atom("#{action}_operation")

lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex

@@ -10,11 +10,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 
   alias Pleroma.Config
   alias Pleroma.Pagination
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(:skip_plug, EnsurePublicOrAuthenticatedPlug when action in [:public, :hashtag])

lib/pleroma/web/mongoose_im/mongoose_im_controller.ex

@@ -5,10 +5,10 @@
 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.AuthenticationPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.AuthenticationPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
   plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)

lib/pleroma/web/o_auth/o_auth_controller.ex

@@ -8,7 +8,6 @@ defmodule Pleroma.Web.OAuth.OAuthController do
   alias Pleroma.Helpers.UriHelper
   alias Pleroma.Maps
   alias Pleroma.MFA
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Registration
   alias Pleroma.Repo
   alias Pleroma.User
@@ -23,6 +22,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
   alias Pleroma.Web.OAuth.Token
   alias Pleroma.Web.OAuth.Token.Strategy.RefreshToken
   alias Pleroma.Web.OAuth.Token.Strategy.Revoke, as: RevokeToken
+  alias Pleroma.Web.Plugs.RateLimiter
 
   require Logger
 
@@ -31,7 +31,10 @@ defmodule Pleroma.Web.OAuth.OAuthController do
   plug(:fetch_session)
   plug(:fetch_flash)
 
-  plug(:skip_plug, [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug])
+  plug(:skip_plug, [
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  ])
 
   plug(RateLimiter, [name: :authentication] when action == :create_authorization)
 

lib/pleroma/web/o_auth/scopes.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Web.OAuth.Scopes do
   Functions for dealing with scopes.
   """
 
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   @doc """
   Fetch scopes from request params.

lib/pleroma/web/o_status/o_status_controller.ex

@@ -5,19 +5,19 @@
 defmodule Pleroma.Web.OStatus.OStatusController do
   use Pleroma.Web, :controller
 
-  alias Fallback.RedirectController
   alias Pleroma.Activity
   alias Pleroma.Object
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPubController
   alias Pleroma.Web.ActivityPub.Visibility
   alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.Fallback.RedirectController
   alias Pleroma.Web.Metadata.PlayerView
+  alias Pleroma.Web.Plugs.RateLimiter
   alias Pleroma.Web.Router
 
-  plug(Pleroma.Plugs.EnsureAuthenticatedPlug,
-    unless_func: &Pleroma.Web.FederatingPlug.federating?/1
+  plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug,
+    unless_func: &Pleroma.Web.Plugs.FederatingPlug.federating?/1
   )
 
   plug(
@@ -26,7 +26,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do
   )
 
   plug(
-    Pleroma.Plugs.SetFormatPlug
+    Pleroma.Web.Plugs.SetFormatPlug
     when action in [:object, :activity, :notice]
   )
 

lib/pleroma/web/pleroma_api/controllers/account_controller.ex

@@ -8,12 +8,12 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
   import Pleroma.Web.ControllerHelper,
     only: [json_response: 3, add_link_headers: 2, assign_account_by_id: 2]
 
-  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   require Pleroma.Constants
 

lib/pleroma/web/pleroma_api/controllers/chat_controller.ex

@@ -11,12 +11,12 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
   alias Pleroma.Chat.MessageReference
   alias Pleroma.Object
   alias Pleroma.Pagination
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Repo
   alias Pleroma.User
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView
   alias Pleroma.Web.PleromaAPI.ChatView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   import Ecto.Query
 

lib/pleroma/web/pleroma_api/controllers/conversation_controller.ex

@@ -8,9 +8,9 @@ defmodule Pleroma.Web.PleromaAPI.ConversationController do
   import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]
 
   alias Pleroma.Conversation.Participation
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(:put_view, Pleroma.Web.MastodonAPI.ConversationView)

lib/pleroma/web/pleroma_api/controllers/emoji_file_controller.ex

@@ -11,7 +11,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiFileController do
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 
   plug(
-    Pleroma.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.OAuthScopesPlug,
     %{scopes: ["write"], admin: true}
     when action in [
            :create,

lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex

@@ -10,7 +10,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 
   plug(
-    Pleroma.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.OAuthScopesPlug,
     %{scopes: ["write"], admin: true}
     when action in [
            :import_from_filesystem,
@@ -22,8 +22,11 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
          ]
   )
 
-  @skip_plugs [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
-  plug(:skip_plug, @skip_plugs when action in [:index, :show, :archive])
+  @skip_plugs [
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.EnsurePublicOrAuthenticatedPlug
+  ]
+  plug(:skip_plug, @skip_plugs when action in [:index, :archive, :show])
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaEmojiPackOperation
 

lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex

@@ -7,9 +7,9 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionController do
 
   alias Pleroma.Activity
   alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.MastodonAPI.StatusView
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(OAuthScopesPlug, %{scopes: ["write:statuses"]} when action in [:create, :delete])

lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex

@@ -5,9 +5,9 @@
 defmodule Pleroma.Web.PleromaAPI.MascotController do
   use Pleroma.Web, :controller
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
   plug(OAuthScopesPlug, %{scopes: ["read:accounts"]} when action == :show)

lib/pleroma/web/pleroma_api/controllers/notification_controller.ex

@@ -6,10 +6,14 @@ defmodule Pleroma.Web.PleromaAPI.NotificationController do
   use Pleroma.Web, :controller
 
   alias Pleroma.Notification
-  alias Pleroma.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :mark_as_read)
+
+  plug(
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    %{scopes: ["write:notifications"]} when action == :mark_as_read
+  )
+
   plug(:put_view, Pleroma.Web.MastodonAPI.NotificationView)
 
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaNotificationOperation

lib/pleroma/web/pleroma_api/controllers/scrobble_controller.ex

@@ -7,10 +7,10 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleController do
 
   import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(Pleroma.Web.ApiSpec.CastAndValidate)
 

lib/pleroma/web/pleroma_api/controllers/two_factor_authentication_controller.ex

@@ -10,8 +10,8 @@ defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do
 
   alias Pleroma.MFA
   alias Pleroma.MFA.TOTP
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.CommonAPI.Utils
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(OAuthScopesPlug, %{scopes: ["read:security"]} when action in [:settings])
 

lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex

@@ -7,9 +7,9 @@ defmodule Pleroma.Web.PleromaAPI.UserImportController do
 
   require Logger
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.User
   alias Pleroma.Web.ApiSpec
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
 
   plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action == :follow)
   plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks)

lib/pleroma/web/plug.ex

@@ -0,0 +1,8 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plug do
+  # Substitute for `call/2` which is defined with `use Pleroma.Web, :plug`
+  @callback perform(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
+end

lib/pleroma/web/plugs/admin_secret_authentication_plug.ex

@@ -2,12 +2,12 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Plugs.AdminSecretAuthenticationPlug do
+defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlug do
   import Plug.Conn
 
-  alias Pleroma.Plugs.OAuthScopesPlug
-  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.User
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.RateLimiter
 
   def init(options) do
     options

lib/pleroma/web/plugs/authentication_plug.ex

@@ -2,8 +2,7 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
-defmodule Pleroma.Plugs.AuthenticationPlug do
-  alias Pleroma.Plugs.OAuthScopesPlug
+defmodule Pleroma.Web.Plugs.AuthenticationPlug do
   alias Pleroma.User
 
   import Plug.Conn
@@ -65,7 +64,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
 
       conn
       |> assign(:user, auth_user)
-      |> OAuthScopesPlug.skip_plug()
+      |> Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug()
     else
       conn
     end