Merge branch '1560-non-federating-instances-routes-restrictions' into 'develop'

[#1560] Restricted AP- & OStatus-related routes for non-federating instances Closes #1560 See merge request pleroma/pleroma!2235
2020-03-15 19:15:20 +00:00 · 2020-03-15 19:15:20 +00:00 · fa4ec17c84
commit fa4ec17c84
parent d84670b9e1 ecb7809e92
22 changed files with 644 additions and 472 deletions
--- a/lib/pleroma/plugs/ensure_authenticated_plug.ex
+++ b/lib/pleroma/plugs/ensure_authenticated_plug.ex
@ -15,9 +15,24 @@ defmodule Pleroma.Plugs.EnsureAuthenticatedPlug do
    conn
  end

-  def call(conn, _) do
+  def call(conn, options) do
+    perform =
+      cond do
+        options[:if_func] -> options[:if_func].()
+        options[:unless_func] -> !options[:unless_func].()
+        true -> true
+      end
+
+    if perform do
+      fail(conn)
+    else
+      conn
+    end
+  end
+
+  def fail(conn) do
    conn
    |> render_error(:forbidden, "Invalid credentials.")
-    |> halt
+    |> halt()
  end
 end
--- a/lib/pleroma/plugs/federating_plug.ex
+++ b/lib/pleroma/plugs/federating_plug.ex
@ -10,14 +10,20 @@ defmodule Pleroma.Web.FederatingPlug do
  end

  def call(conn, _opts) do
-    if Pleroma.Config.get([:instance, :federating]) do
+    if federating?() do
      conn
    else
-      conn
-      |> put_status(404)
-      |> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
-      |> Phoenix.Controller.render("404.json")
-      |> halt()
+      fail(conn)
    end
  end
+
+  def federating?, do: Pleroma.Config.get([:instance, :federating])
+
+  defp fail(conn) do
+    conn
+    |> put_status(404)
+    |> Phoenix.Controller.put_view(Pleroma.Web.ErrorView)
+    |> Phoenix.Controller.render("404.json")
+    |> halt()
+  end
 end