Allow disabling C2S ActivityPub API

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

2 files changed, 36 insertions, 0 deletions

diff --git a/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex b/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
new file mode 100644
index 000000000..6807673f9
--- /dev/null
+++ b/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
@@ -0,0 +1,34 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.APClientApiEnabledPlug do
+  import Plug.Conn
+  import Phoenix.Controller, only: [text: 2]
+
+  @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
+  @enabled_path [:activitypub, :client_api_enabled]
+
+  def init(options \\ []), do: Map.new(options)
+
+  def call(conn, %{allow_server: true}) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+      |> assign(:token, nil)
+    end
+  end
+
+  def call(conn, _) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> put_status(:forbidden)
+      |> text("C2S not enabled")
+      |> halt()
+    end
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index ad8529a30..d78a6aef4 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -902,6 +902,7 @@ defmodule Pleroma.Web.Router do
   # Client to Server (C2S) AP interactions
   pipeline :activitypub_client do
     plug(:ap_service_actor)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug)
     plug(:fetch_session)
     plug(:authenticate)
     plug(:after_auth)
@@ -912,6 +913,7 @@ defmodule Pleroma.Web.Router do
     plug(:ap_service_actor)
     plug(:fetch_session)
     plug(:authenticate)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug, allow_server: true)
     plug(:after_auth)
     plug(:http_signature)
   end