author | marcin mikołajczak <git@mkljczk.pl> | 2024-09-15 14:59:06 +0200 |
---|---|---|
committer | marcin mikołajczak <git@mkljczk.pl> | 2024-09-15 15:20:28 +0200 |
commit | ad953143bb00d67eb981806981f8ef3e35c437e1 (patch) | |
tree | ee4b145d8f2ac2a8914755af9a5a39e0d40c9e74 /lib | |
parent | 8250a9764ea07a69a701401fd00f6d55e0ef2003 (diff) | |
Require HTTP signatures (if enabled) for routes used by both C2S and S2S AP API
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pleroma/web/plugs/http_signature_plug.ex | 12 | ||||
-rw-r--r-- | lib/pleroma/web/router.ex | 17 |
2 files changed, 25 insertions, 4 deletions
diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex
index 67974599a..2e16212ce 100644
--- a/lib/pleroma/web/plugs/http_signature_plug.ex
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex
@@ -19,8 +19,16 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
 options
 end

- def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
- conn
+ def call(%{assigns: %{valid_signature: true}} = conn, _opts), do: conn
+
+ # skip for C2S requests from authenticated users
+ def call(%{assigns: %{user: %Pleroma.User{}}} = conn, _opts) do
+ if get_format(conn) in ["json", "activity+json"] do
+ # ensure access token is provided for 2FA
+ Pleroma.Web.Plugs.EnsureAuthenticatedPlug.call(conn, %{})
+ else
+ conn
+ end
 end

 def call(conn, _opts) do
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 0423ca9e2..ad8529a30 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
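Review bot: The new `call/2` clause matching `%{assigns: %{user: %Pleroma.User{}}}` returns before any signature handling, so for these requests `valid_signature` is never assigned and the plug's decision rests entirely on whatever put `user` into assigns; neither fact is documented. I would widen the comment to something like `# skip for C2S requests from authenticated users: no signature is checked and :valid_signature stays unset`, and confirm that downstream readers of that assign tolerate its absence. `EnsureAuthenticatedPlug.call/2` is handed a literal `%{}` rather than the result of its own `init/1`, which is presumably equivalent today but couples this plug to that one's option shape, and the non-JSON `else` branch passes the conn through with no explanation. A plug test covering an assigned user without a signature, a password-authenticated 2FA user, and a request with neither user nor signature would pin the intended behaviour. The fallback `call(conn, _opts)` clause continues outside the hunk.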
@@ -907,17 +907,30 @@ defmodule Pleroma.Web.Router do
 plug(:after_auth)
 end

+ # AP interactions used by both S2S and C2S
+ pipeline :activitypub_server_or_client do
+ plug(:ap_service_actor)
+ plug(:fetch_session)
+ plug(:authenticate)
+ plug(:after_auth)
+ plug(:http_signature)
+ end
+
 scope "/", Pleroma.Web.ActivityPub do
 pipe_through([:activitypub_client])

 get("/api/ap/whoami", ActivityPubController, :whoami)
 get("/users/:nickname/inbox", ActivityPubController, :read_inbox)

- get("/users/:nickname/outbox", ActivityPubController, :outbox)
 post("/users/:nickname/outbox", ActivityPubController, :update_outbox)
 post("/api/ap/upload_media", ActivityPubController, :upload_media)
+ end
+
+ scope "/", Pleroma.Web.ActivityPub do
+ pipe_through([:activitypub_server_or_client])
+
+ get("/users/:nickname/outbox", ActivityPubController, :outbox)

- # The following two are S2S as well, see `ActivityPub.fetch_follow_information_for_user/1`:
 get("/users/:nickname/followers", ActivityPubController, :followers)
 get("/users/:nickname/following", ActivityPubController, :following)
 get("/users/:nickname/collections/featured", ActivityPubController, :pinned) |
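Review bot: The plug order in `:activitypub_server_or_client` is load-bearing, but the pipeline comment does not say so: `:http_signature` only behaves as intended here because `:authenticate` and `:after_auth` have already run, and the plug changed in this same commit skips verification once a user is assigned. I would extend the comment, e.g. `# :http_signature must stay last: it skips verification only for a user already assigned by :authenticate`. The commit also drops the pointer to `ActivityPub.fetch_follow_information_for_user/1` without carrying it over to the new scope, so the reason the followers and following routes are S2S is no longer recorded next to them. Router tests asserting that unsigned, unauthenticated GETs to the outbox, followers, following and featured routes are rejected when signatures are required would pin the intent. The new scope's closing `end` lies outside the hunk, so which further routes it covers cannot be seen from here.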