hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled).

Browse source
This commit is contained in:
Ivan Tashkinov 2020-04-06 10:20:44 +03:00
commit fc81e5a49c
14 changed files with 113 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/pleroma/plugs/oauth_scopes_plug.ex
View file

@ -8,12 +8,15 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
alias Pleroma.Config
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
alias Pleroma.Plugs.PlugHelper
@behaviour Plug
def init(%{scopes: _} = options), do: options
def call(%Plug.Conn{assigns: assigns} = conn, %{scopes: scopes} = options) do
conn = PlugHelper.append_to_called_plugs(conn, __MODULE__)
op = options[:op] || :|
token = assigns[:token]