Pipe requests to public endpoints through EnsurePublicOrAuthenticatedPlug
This commit is contained in:
parent
7b8dc99ef1
commit
70c81b95d0
@ -84,11 +84,13 @@ defmodule Pleroma.Web.Router do
|
||||
plug(Pleroma.Plugs.EnsureUserKeyPlug)
|
||||
end
|
||||
|
||||
pipeline :oauth_read_or_unauthenticated do
|
||||
pipeline :oauth_read_or_public do
|
||||
plug(Pleroma.Plugs.OAuthScopesPlug, %{
|
||||
scopes: ["read"],
|
||||
fallback: :proceed_unauthenticated
|
||||
})
|
||||
|
||||
plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
|
||||
end
|
||||
|
||||
pipeline :oauth_read do
|
||||
@ -404,7 +406,7 @@ defmodule Pleroma.Web.Router do
|
||||
get("/accounts/search", MastodonAPIController, :account_search)
|
||||
|
||||
scope [] do
|
||||
pipe_through(:oauth_read_or_unauthenticated)
|
||||
pipe_through(:oauth_read_or_public)
|
||||
|
||||
get("/timelines/public", MastodonAPIController, :public_timeline)
|
||||
get("/timelines/tag/:tag", MastodonAPIController, :hashtag_timeline)
|
||||
@ -425,7 +427,7 @@ defmodule Pleroma.Web.Router do
|
||||
end
|
||||
|
||||
scope "/api/v2", Pleroma.Web.MastodonAPI do
|
||||
pipe_through([:api, :oauth_read_or_unauthenticated])
|
||||
pipe_through([:api, :oauth_read_or_public])
|
||||
get("/search", MastodonAPIController, :search2)
|
||||
end
|
||||
|
||||
@ -455,7 +457,7 @@ defmodule Pleroma.Web.Router do
|
||||
)
|
||||
|
||||
scope [] do
|
||||
pipe_through(:oauth_read_or_unauthenticated)
|
||||
pipe_through(:oauth_read_or_public)
|
||||
|
||||
get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
|
||||
get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline)
|
||||
@ -473,7 +475,7 @@ defmodule Pleroma.Web.Router do
|
||||
end
|
||||
|
||||
scope "/api", Pleroma.Web do
|
||||
pipe_through([:api, :oauth_read_or_unauthenticated])
|
||||
pipe_through([:api, :oauth_read_or_public])
|
||||
|
||||
get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)
|
||||
|
||||
@ -487,7 +489,7 @@ defmodule Pleroma.Web.Router do
|
||||
end
|
||||
|
||||
scope "/api", Pleroma.Web, as: :twitter_api_search do
|
||||
pipe_through([:api, :oauth_read_or_unauthenticated])
|
||||
pipe_through([:api, :oauth_read_or_public])
|
||||
get("/pleroma/search_user", TwitterAPI.Controller, :search_user)
|
||||
end
|
||||
|
||||
@ -671,7 +673,7 @@ defmodule Pleroma.Web.Router do
|
||||
delete("/auth/sign_out", MastodonAPIController, :logout)
|
||||
|
||||
scope [] do
|
||||
pipe_through(:oauth_read_or_unauthenticated)
|
||||
pipe_through(:oauth_read_or_public)
|
||||
get("/web/*path", MastodonAPIController, :index)
|
||||
end
|
||||
end
|
||||
|
@ -81,6 +81,19 @@ test "the public timeline", %{conn: conn} do
|
||||
end)
|
||||
end
|
||||
|
||||
test "the public timeline when public is set to false", %{conn: conn} do
|
||||
public = Pleroma.Config.get([:instance, :public])
|
||||
Pleroma.Config.put([:instance, :public], false)
|
||||
|
||||
on_exit(fn ->
|
||||
Pleroma.Config.put([:instance, :public], public)
|
||||
end)
|
||||
|
||||
assert conn
|
||||
|> get("/api/v1/timelines/public", %{"local" => "False"})
|
||||
|> json_response(403) == %{"error" => "This resource requires authentication."}
|
||||
end
|
||||
|
||||
test "posting a status", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user