2020-12-06 03:59:10 -07:00
|
|
|
# Pleroma: A lightweight social networking server
|
2022-02-25 23:11:42 -07:00
|
|
|
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
|
2020-12-06 03:59:10 -07:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug do
|
|
|
|
import Plug.Conn
|
|
|
|
|
|
|
|
alias Pleroma.Helpers.AuthHelper
|
|
|
|
alias Pleroma.User
|
|
|
|
alias Pleroma.Web.OAuth.Token
|
|
|
|
|
|
|
|
@moduledoc "Ensures presence and consistency of :user and :token assigns."
|
|
|
|
|
|
|
|
def init(opts) do
|
|
|
|
opts
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(%{assigns: %{user: %User{id: user_id}} = assigns} = conn, _) do
|
|
|
|
with %Token{user_id: ^user_id} <- assigns[:token] do
|
|
|
|
conn
|
|
|
|
else
|
|
|
|
%Token{} ->
|
|
|
|
# A safety net for abnormal (unexpected) scenario: :token belongs to another user
|
|
|
|
AuthHelper.drop_auth_info(conn)
|
|
|
|
|
|
|
|
_ ->
|
|
|
|
assign(conn, :token, nil)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-02-11 05:02:50 -07:00
|
|
|
# App-bound token case (obtained with client_id and client_secret)
|
|
|
|
def call(%{assigns: %{token: %Token{user_id: nil}}} = conn, _) do
|
|
|
|
assign(conn, :user, nil)
|
|
|
|
end
|
|
|
|
|
2020-12-06 03:59:10 -07:00
|
|
|
def call(conn, _) do
|
|
|
|
conn
|
|
|
|
|> assign(:user, nil)
|
|
|
|
|> assign(:token, nil)
|
|
|
|
end
|
|
|
|
end
|