From cea31df6a6e0e38ec6a260de0b6ae00d4d40c538 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 24 Feb 2021 15:23:45 -0600 Subject: [PATCH 1/7] Attempt to filter out API calls from FrontendStatic plug --- lib/pleroma/web.ex | 14 +++++++++++++- lib/pleroma/web/plugs/frontend_static.ex | 11 ++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web.ex b/lib/pleroma/web.ex index c3aa39492..fe2652ac9 100644 --- a/lib/pleroma/web.ex +++ b/lib/pleroma/web.ex @@ -63,7 +63,8 @@ defp skip_plug(conn, plug_modules) do # Executed just before actual controller action, invokes before-action hooks (callbacks) defp action(conn, params) do - with %{halted: false} = conn <- maybe_drop_authentication_if_oauth_check_ignored(conn), + with %{halted: false} = conn <- + maybe_drop_authentication_if_oauth_check_ignored(conn), %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn), %{halted: false} = conn <- maybe_perform_authenticated_check(conn), %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do @@ -232,4 +233,15 @@ defmacro __using__(which) when is_atom(which) do def base_url do Pleroma.Web.Endpoint.url() end + + def get_api_routes do + Pleroma.Web.Router.__routes__() + |> Stream.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end) + |> Enum.map(fn r -> + r.path + |> String.split("/", trim: true) + |> List.first() + end) + |> Enum.uniq() + end end diff --git a/lib/pleroma/web/plugs/frontend_static.ex b/lib/pleroma/web/plugs/frontend_static.ex index eecf16264..03fd51043 100644 --- a/lib/pleroma/web/plugs/frontend_static.ex +++ b/lib/pleroma/web/plugs/frontend_static.ex @@ -10,6 +10,8 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do """ @behaviour Plug + @api_routes Pleroma.Web.get_api_routes() + def file_path(path, frontend_type \\ :primary) do if configuration = Pleroma.Config.get([:frontends, frontend_type]) do instance_static_path = Pleroma.Config.get([:instance, :static_dir], "instance/static") @@ -34,7 +36,8 @@ def init(opts) do end def call(conn, opts) do - with false <- invalid_path?(conn.path_info), + with false <- api_route?(conn.path_info), + false <- invalid_path?(conn.path_info), frontend_type <- Map.get(opts, :frontend_type, :primary), path when not is_nil(path) <- file_path("", frontend_type) do call_static(conn, opts, path) @@ -52,6 +55,12 @@ defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t) defp invalid_path?([], _match), do: false + defp api_route?(list) when is_list(list) and length(list) > 0 do + List.first(list) in @api_routes + end + + defp api_route?(_), do: false + defp call_static(conn, opts, from) do opts = Map.put(opts, :from, from) Plug.Static.call(conn, opts) From 8ad16137173cc57e6947caf1860c3073c0cfdf04 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 09:06:56 -0600 Subject: [PATCH 2/7] Enum instead of Stream --- lib/pleroma/web.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web.ex b/lib/pleroma/web.ex index fe2652ac9..a638bb198 100644 --- a/lib/pleroma/web.ex +++ b/lib/pleroma/web.ex @@ -236,7 +236,7 @@ def base_url do def get_api_routes do Pleroma.Web.Router.__routes__() - |> Stream.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end) + |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end) |> Enum.map(fn r -> r.path |> String.split("/", trim: true) From 6b87dfad5de161cf2bef43d02ff89debcee84dd3 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 09:23:10 -0600 Subject: [PATCH 3/7] Filter out MIX_ENV from route list and add a test --- lib/pleroma/web.ex | 8 +++++- .../web/plugs/frontend_static_plug_test.exs | 28 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web.ex b/lib/pleroma/web.ex index a638bb198..0a4c98e47 100644 --- a/lib/pleroma/web.ex +++ b/lib/pleroma/web.ex @@ -28,6 +28,8 @@ defmodule Pleroma.Web do alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.PlugHelper + @mix_env Mix.env() + def controller do quote do use Phoenix.Controller, namespace: Pleroma.Web @@ -236,7 +238,11 @@ def base_url do def get_api_routes do Pleroma.Web.Router.__routes__() - |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end) + |> Enum.reject(fn + r -> + r.plug == Pleroma.Web.Fallback.RedirectController or + String.starts_with?(r.path, "/#{@mix_env}") + end) |> Enum.map(fn r -> r.path |> String.split("/", trim: true) diff --git a/test/pleroma/web/plugs/frontend_static_plug_test.exs b/test/pleroma/web/plugs/frontend_static_plug_test.exs index c8cfc967c..9d59d3f8e 100644 --- a/test/pleroma/web/plugs/frontend_static_plug_test.exs +++ b/test/pleroma/web/plugs/frontend_static_plug_test.exs @@ -74,4 +74,32 @@ test "exclude invalid path", %{conn: conn} do assert %Plug.Conn{status: :success} = get(conn, url) end end + + test "api routes are detected correctly" do + expected_routes = [ + "api", + "main", + "ostatus_subscribe", + "oauth", + "objects", + "activities", + "notice", + "users", + "tags", + "mailer", + "inbox", + "relay", + "internal", + ".well-known", + "nodeinfo", + "web", + "auth", + "embed", + "proxy", + "user_exists", + "check_password" + ] + + assert expected_routes == Pleroma.Web.get_api_routes() + end end From 155217979287999c69d9506f6fdb9697833e8fa0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 10:07:29 -0600 Subject: [PATCH 4/7] Improved recursion through the api route list --- lib/pleroma/web/plugs/frontend_static.ex | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/plugs/frontend_static.ex b/lib/pleroma/web/plugs/frontend_static.ex index 03fd51043..eb385e94d 100644 --- a/lib/pleroma/web/plugs/frontend_static.ex +++ b/lib/pleroma/web/plugs/frontend_static.ex @@ -55,11 +55,9 @@ defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t) defp invalid_path?([], _match), do: false - defp api_route?(list) when is_list(list) and length(list) > 0 do - List.first(list) in @api_routes - end - - defp api_route?(_), do: false + defp api_route?([h | _]) when h in @api_routes, do: true + defp api_route?([_ | t]), do: api_route?(t) + defp api_route?([]), do: false defp call_static(conn, opts, from) do opts = Map.put(opts, :from, from) From 2da71a526f9c628370b783ff371858f7fe831b32 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 13:04:08 -0600 Subject: [PATCH 5/7] No need to filter out Mix.env() from the API routes. --- lib/pleroma/web.ex | 8 +------- test/pleroma/web/plugs/frontend_static_plug_test.exs | 1 + 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web.ex b/lib/pleroma/web.ex index 0a4c98e47..a638bb198 100644 --- a/lib/pleroma/web.ex +++ b/lib/pleroma/web.ex @@ -28,8 +28,6 @@ defmodule Pleroma.Web do alias Pleroma.Web.Plugs.OAuthScopesPlug alias Pleroma.Web.Plugs.PlugHelper - @mix_env Mix.env() - def controller do quote do use Phoenix.Controller, namespace: Pleroma.Web @@ -238,11 +236,7 @@ def base_url do def get_api_routes do Pleroma.Web.Router.__routes__() - |> Enum.reject(fn - r -> - r.plug == Pleroma.Web.Fallback.RedirectController or - String.starts_with?(r.path, "/#{@mix_env}") - end) + |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end) |> Enum.map(fn r -> r.path |> String.split("/", trim: true) diff --git a/test/pleroma/web/plugs/frontend_static_plug_test.exs b/test/pleroma/web/plugs/frontend_static_plug_test.exs index 9d59d3f8e..b5801320a 100644 --- a/test/pleroma/web/plugs/frontend_static_plug_test.exs +++ b/test/pleroma/web/plugs/frontend_static_plug_test.exs @@ -96,6 +96,7 @@ test "api routes are detected correctly" do "auth", "embed", "proxy", + "test", "user_exists", "check_password" ] From 902d4e4a4a942880dc49b7720b51d7c014c182b3 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 13:06:43 -0600 Subject: [PATCH 6/7] Leave a note for future explorers --- test/pleroma/web/plugs/frontend_static_plug_test.exs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/pleroma/web/plugs/frontend_static_plug_test.exs b/test/pleroma/web/plugs/frontend_static_plug_test.exs index b5801320a..100b83d6a 100644 --- a/test/pleroma/web/plugs/frontend_static_plug_test.exs +++ b/test/pleroma/web/plugs/frontend_static_plug_test.exs @@ -76,6 +76,8 @@ test "exclude invalid path", %{conn: conn} do end test "api routes are detected correctly" do + # If this test fails we have probably added something + # new that should be in /api/ instead expected_routes = [ "api", "main", From 76b166f0401c85df537c13591a7397e2c21732ac Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 25 Feb 2021 13:08:36 -0600 Subject: [PATCH 7/7] Note our upgrade path for this functionality --- lib/pleroma/web.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/web.ex b/lib/pleroma/web.ex index a638bb198..8630f244b 100644 --- a/lib/pleroma/web.ex +++ b/lib/pleroma/web.ex @@ -234,6 +234,7 @@ def base_url do Pleroma.Web.Endpoint.url() end + # TODO: Change to Phoenix.Router.routes/1 for Phoenix 1.6.0+ def get_api_routes do Pleroma.Web.Router.__routes__() |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)