Merge branch 'runtime-router' into 'develop'

Runtime configured router

See merge request pleroma/pleroma!426

lib/pleroma/plugs/federating_plug.ex

@@ -0,0 +1,18 @@
+defmodule Pleroma.Web.FederatingPlug do
+  import Plug.Conn
+
+  def init(options) do
+    options
+  end
+
+  def call(conn, opts) do
+    if Keyword.get(Application.get_env(:pleroma, :instance), :federating) do
+      conn
+    else
+      conn
+      |> put_status(404)
+      |> Phoenix.Controller.render(Pleroma.Web.ErrorView, "404.json")
+      |> halt()
+    end
+  end
+end

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -11,6 +11,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
 
   action_fallback(:errors)
 
+  plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
   plug(:relay_active? when action in [:relay])
 
   def relay_active?(conn, _) do

lib/pleroma/web/nodeinfo/nodeinfo_controller.ex

@@ -6,6 +6,8 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
   alias Pleroma.{User, Repo}
   alias Pleroma.Web.ActivityPub.MRF
 
+  plug(Pleroma.Web.FederatingPlug)
+
   def schemas(conn, _params) do
     response = %{
       links: [

lib/pleroma/web/ostatus/ostatus_controller.ex

@@ -10,6 +10,7 @@ defmodule Pleroma.Web.OStatus.OStatusController do
   alias Pleroma.Web.ActivityPub.ActivityPubController
   alias Pleroma.Web.ActivityPub.ActivityPub
 
+  plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])
   action_fallback(:errors)
 
   def feed_redirect(conn, %{"nickname" => nickname}) do

lib/pleroma/web/router.ex

@@ -3,11 +3,6 @@ defmodule Pleroma.Web.Router do
 
   alias Pleroma.{Repo, User, Web.Router}
 
-  @instance Application.get_env(:pleroma, :instance)
-  @federating Keyword.get(@instance, :federating)
-  @public Keyword.get(@instance, :public)
-  @registrations_open Keyword.get(@instance, :registrations_open)
-
   pipeline :api do
     plug(:accepts, ["json"])
     plug(:fetch_session)
@@ -242,11 +237,7 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/api", Pleroma.Web do
-    if @public do
-      pipe_through(:api)
-    else
-      pipe_through(:authenticated_api)
-    end
+    pipe_through(:api)
 
     get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline)
 
@@ -330,12 +321,10 @@ defmodule Pleroma.Web.Router do
     get("/users/:nickname/feed", OStatus.OStatusController, :feed)
     get("/users/:nickname", OStatus.OStatusController, :feed_redirect)
 
-    if @federating do
-      post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming)
-      post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request)
-      get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation)
-      post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming)
-    end
+    post("/users/:nickname/salmon", OStatus.OStatusController, :salmon_incoming)
+    post("/push/hub/:nickname", Websub.WebsubController, :websub_subscription_request)
+    get("/push/subscriptions/:id", Websub.WebsubController, :websub_subscription_confirmation)
+    post("/push/subscriptions/:id", Websub.WebsubController, :websub_incoming)
   end
 
   pipeline :activitypub do
@@ -352,29 +341,27 @@ defmodule Pleroma.Web.Router do
     get("/users/:nickname/outbox", ActivityPubController, :outbox)
   end
 
-  if @federating do
-    scope "/relay", Pleroma.Web.ActivityPub do
-      pipe_through(:ap_relay)
-      get("/", ActivityPubController, :relay)
-    end
+  scope "/relay", Pleroma.Web.ActivityPub do
+    pipe_through(:ap_relay)
+    get("/", ActivityPubController, :relay)
+  end
 
-    scope "/", Pleroma.Web.ActivityPub do
-      pipe_through(:activitypub)
-      post("/users/:nickname/inbox", ActivityPubController, :inbox)
-      post("/inbox", ActivityPubController, :inbox)
-    end
+  scope "/", Pleroma.Web.ActivityPub do
+    pipe_through(:activitypub)
+    post("/users/:nickname/inbox", ActivityPubController, :inbox)
+    post("/inbox", ActivityPubController, :inbox)
+  end
 
-    scope "/.well-known", Pleroma.Web do
-      pipe_through(:well_known)
+  scope "/.well-known", Pleroma.Web do
+    pipe_through(:well_known)
 
-      get("/host-meta", WebFinger.WebFingerController, :host_meta)
-      get("/webfinger", WebFinger.WebFingerController, :webfinger)
-      get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
-    end
+    get("/host-meta", WebFinger.WebFingerController, :host_meta)
+    get("/webfinger", WebFinger.WebFingerController, :webfinger)
+    get("/nodeinfo", Nodeinfo.NodeinfoController, :schemas)
+  end
 
-    scope "/nodeinfo", Pleroma.Web do
-      get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
-    end
+  scope "/nodeinfo", Pleroma.Web do
+    get("/:version", Nodeinfo.NodeinfoController, :nodeinfo)
   end
 
   scope "/", Pleroma.Web.MastodonAPI do

lib/pleroma/web/twitter_api/twitter_api_controller.ex

@@ -11,6 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
 
   require Logger
 
+  plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
   action_fallback(:errors)
 
   def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
@@ -518,6 +519,18 @@ defp forbidden_json_reply(conn, error_message) do
     json_reply(conn, 403, json)
   end
 
+  def only_if_public_instance(conn = %{conn: %{assigns: %{user: _user}}}, _), do: conn
+
+  def only_if_public_instance(conn, _) do
+    if Keyword.get(Application.get_env(:pleroma, :instance), :public) do
+      conn
+    else
+      conn
+      |> forbidden_json_reply("Invalid credentials.")
+      |> halt()
+    end
+  end
+
   defp error_json(conn, error_message) do
     %{"error" => error_message, "request" => conn.request_path} |> Jason.encode!()
   end

lib/pleroma/web/web_finger/web_finger_controller.ex

@@ -3,6 +3,8 @@ defmodule Pleroma.Web.WebFinger.WebFingerController do
 
   alias Pleroma.Web.WebFinger
 
+  plug(Pleroma.Web.FederatingPlug)
+
   def host_meta(conn, _params) do
     xml = WebFinger.host_meta()
 

lib/pleroma/web/websub/websub_controller.ex

@@ -5,6 +5,15 @@ defmodule Pleroma.Web.Websub.WebsubController do
   alias Pleroma.Web.Websub.WebsubClientSubscription
   require Logger
 
+  plug(
+    Pleroma.Web.FederatingPlug
+    when action in [
+           :websub_subscription_request,
+           :websub_subscription_confirmation,
+           :websub_incoming
+         ]
+  )
+
   def websub_subscription_request(conn, %{"nickname" => nickname} = params) do
     user = User.get_cached_by_nickname(nickname)
 

test/web/node_info_test.exs

@@ -14,4 +14,36 @@ test "nodeinfo shows staff accounts", %{conn: conn} do
 
     assert user.ap_id in result["metadata"]["staffAccounts"]
   end
+
+  test "returns 404 when federation is disabled" do
+    instance =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.put(:federating, false)
+
+    Application.put_env(:pleroma, :instance, instance)
+
+    conn
+    |> get("/.well-known/nodeinfo")
+    |> json_response(404)
+
+    conn
+    |> get("/nodeinfo/2.0.json")
+    |> json_response(404)
+
+    instance =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.put(:federating, true)
+
+    Application.put_env(:pleroma, :instance, instance)
+  end
+
+  test "returns 200 when federation is enabled" do
+    conn
+    |> get("/.well-known/nodeinfo")
+    |> json_response(200)
+
+    conn
+    |> get("/nodeinfo/2.0.json")
+    |> json_response(200)
+  end
 end

test/web/plugs/federating_plug_test.exs

@@ -0,0 +1,33 @@
+defmodule Pleroma.Web.FederatingPlugTest do
+  use Pleroma.Web.ConnCase
+
+  test "returns and halt the conn when federating is disabled" do
+    instance =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.put(:federating, false)
+
+    Application.put_env(:pleroma, :instance, instance)
+
+    conn =
+      build_conn()
+      |> Pleroma.Web.FederatingPlug.call(%{})
+
+    assert conn.status == 404
+    assert conn.halted
+
+    instance =
+      Application.get_env(:pleroma, :instance)
+      |> Keyword.put(:federating, true)
+
+    Application.put_env(:pleroma, :instance, instance)
+  end
+
+  test "does nothing when federating is enabled" do
+    conn =
+      build_conn()
+      |> Pleroma.Web.FederatingPlug.call(%{})
+
+    refute conn.status
+    refute conn.halted
+  end
+end

test/web/twitter_api/twitter_api_controller_test.exs

@@ -100,6 +100,56 @@ test "returns statuses", %{conn: conn} do
 
       assert length(response) == 10
     end
+
+    test "returns 403 to unauthenticated request when the instance is not public" do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(403)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
+    test "returns 200 to unauthenticated request when the instance is public" do
+      conn
+      |> get("/api/statuses/public_timeline.json")
+      |> json_response(200)
+    end
+  end
+
+  describe "GET /statuses/public_and_external_timeline.json" do
+    test "returns 403 to unauthenticated request when the instance is not public" do
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, false)
+
+      Application.put_env(:pleroma, :instance, instance)
+
+      conn
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(403)
+
+      instance =
+        Application.get_env(:pleroma, :instance)
+        |> Keyword.put(:public, true)
+
+      Application.put_env(:pleroma, :instance, instance)
+    end
+
+    test "returns 200 to unauthenticated request when the instance is public" do
+      conn
+      |> get("/api/statuses/public_and_external_timeline.json")
+      |> json_response(200)
+    end
   end
 
   describe "GET /statuses/show/:id.json" do