OAuthScopesPlug module name

2020-06-24 09:57:27 +03:00 · 2020-06-24 09:57:27 +03:00 · a6d8cef33e
commit a6d8cef33e
parent 15772fda57
53 changed files with 67 additions and 62 deletions
--- a/docs/dev.md
+++ b/docs/dev.md
@ -6,7 +6,7 @@ This document contains notes and guidelines for Pleroma developers.

 * Pleroma supports hierarchical OAuth scopes, just like Mastodon but with added granularity of admin scopes. For a reference, see [Mastodon OAuth scopes](https://docs.joinmastodon.org/api/oauth-scopes/).

-* It is important to either define OAuth scope restrictions or explicitly mark OAuth scope check as skipped, for every controller action. To define scopes, call `plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: [...]})`. To explicitly set OAuth scopes check skipped, call `plug(:skip_plug, Pleroma.Plugs.OAuthScopesPlug <when ...>)`.
+* It is important to either define OAuth scope restrictions or explicitly mark OAuth scope check as skipped, for every controller action. To define scopes, call `plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: [...]})`. To explicitly set OAuth scopes check skipped, call `plug(:skip_plug, Pleroma.Web.Plugs.OAuthScopesPlug <when ...>)`.

 * In controllers, `use Pleroma.Web, :controller` will result in `action/2` (see `Pleroma.Web.controller/0` for definition) be called prior to actual controller action, and it'll perform security / privacy checks before passing control to actual controller action.

@ -16,7 +16,7 @@ This document contains notes and guidelines for Pleroma developers.

 ## [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization)

-* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Plugs.AuthenticationPlug` and `Pleroma.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided.
+* With HTTP Basic Auth, OAuth scopes check is _not_ performed for any action (since password is provided during the auth, requester is able to obtain a token with full permissions anyways). `Pleroma.Plugs.AuthenticationPlug` and `Pleroma.Plugs.LegacyAuthenticationPlug` both call `Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug(conn)` when password is provided.

 ## Auth-related configuration, OAuth consumer mode etc.

--- a/lib/pleroma/tests/auth_test_controller.ex
+++ b/lib/pleroma/tests/auth_test_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Tests.AuthTestController do
  use Pleroma.Web, :controller

  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User

  # Serves only with proper OAuth token (:api and :authenticated_api)
--- a/lib/pleroma/web.ex
+++ b/lib/pleroma/web.ex
@ -24,7 +24,7 @@ defmodule Pleroma.Web do
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
  alias Pleroma.Plugs.ExpectAuthenticatedCheckPlug
  alias Pleroma.Plugs.ExpectPublicOrAuthenticatedCheckPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.PlugHelper

  def controller do
--- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex
@ -10,7 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
  alias Pleroma.Config
  alias Pleroma.MFA
  alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Stats
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
--- a/lib/pleroma/web/admin_api/controllers/config_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/config_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.ConfigController do

  alias Pleroma.Config
  alias Pleroma.ConfigDB
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
  plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action == :update)
--- a/lib/pleroma/web/admin_api/controllers/invite_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/invite_controller.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Web.AdminAPI.InviteController do
  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

  alias Pleroma.Config
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.UserInviteToken

  require Logger
--- a/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.AdminAPI.MediaProxyCacheController do
  use Pleroma.Web, :controller

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.ApiSpec.Admin, as: Spec
  alias Pleroma.Web.MediaProxy

--- a/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/o_auth_app_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.OAuthAppController do

  import Pleroma.Web.ControllerHelper, only: [json_response: 3]

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.OAuth.App

  require Logger
--- a/lib/pleroma/web/admin_api/controllers/relay_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/relay_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.AdminAPI.RelayController do
  use Pleroma.Web, :controller

  alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.ActivityPub.Relay

  require Logger
--- a/lib/pleroma/web/admin_api/controllers/report_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/report_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.AdminAPI.ReportController do

  alias Pleroma.Activity
  alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.ReportNote
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.AdminAPI
--- a/lib/pleroma/web/admin_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/admin_api/controllers/status_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.AdminAPI.StatusController do

  alias Pleroma.Activity
  alias Pleroma.ModerationLog
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.MastodonAPI
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastoFEController do
  use Pleroma.Web, :controller

  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User

  plug(OAuthScopesPlug, %{scopes: ["write:accounts"]} when action == :put_settings)
--- a/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/account_controller.ex
@ -16,7 +16,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do

  alias Pleroma.Maps
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.RateLimiter
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
  use Pleroma.Web, :controller

  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Repo
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Scopes
--- a/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.ConversationController do
  import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]

  alias Pleroma.Conversation.Participation
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Repo

  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)
--- a/lib/pleroma/web/mastodon_api/controllers/custom_emoji_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/custom_emoji_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.CustomEmojiController do

  plug(
    :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
    when action == :index
  )

--- a/lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.MastodonAPI.DomainBlockController do
  use Pleroma.Web, :controller

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
--- a/lib/pleroma/web/mastodon_api/controllers/filter_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/filter_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.FilterController do
  use Pleroma.Web, :controller

  alias Pleroma.Filter
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug

  @oauth_read_actions [:show, :index]

--- a/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.MastodonAPI.FollowRequestController do
  use Pleroma.Web, :controller

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI

--- a/lib/pleroma/web/mastodon_api/controllers/instance_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/instance_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceController do

  plug(
    :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
    when action in [:show, :peers]
  )

--- a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.MastodonAPI.ListController do
  use Pleroma.Web, :controller

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.MastodonAPI.AccountView

--- a/lib/pleroma/web/mastodon_api/controllers/marker_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/marker_controller.ex
@ -4,7 +4,7 @@

 defmodule Pleroma.Web.MastodonAPI.MarkerController do
  use Pleroma.Web, :controller
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug

  plug(Pleroma.Web.ApiSpec.CastAndValidate)

--- a/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
@ -17,7 +17,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do

  plug(
    :skip_plug,
-    [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
+    [Pleroma.Web.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
    when action in [:empty_array, :empty_object]
  )

--- a/lib/pleroma/web/mastodon_api/controllers/media_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/media_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.MediaController do
  use Pleroma.Web, :controller

  alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub

--- a/lib/pleroma/web/mastodon_api/controllers/notification_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/notification_controller.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.NotificationController do
  import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]

  alias Pleroma.Notification
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.MastodonAPI.MastodonAPI

  @oauth_read_actions [:show, :index]
--- a/lib/pleroma/web/mastodon_api/controllers/poll_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/poll_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.PollController do

  alias Pleroma.Activity
  alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.ActivityPub.Visibility
  alias Pleroma.Web.CommonAPI

--- a/lib/pleroma/web/mastodon_api/controllers/report_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/report_controller.ex
@ -3,14 +3,12 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Web.MastodonAPI.ReportController do
-  alias Pleroma.Plugs.OAuthScopesPlug
-
  use Pleroma.Web, :controller

  action_fallback(Pleroma.Web.MastodonAPI.FallbackController)

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["write:reports"]} when action == :create)

  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ReportOperation

--- a/lib/pleroma/web/mastodon_api/controllers/scheduled_activity_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/scheduled_activity_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.ScheduledActivityController do

  import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.ScheduledActivity
  alias Pleroma.Web.MastodonAPI.MastodonAPI

--- a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
  use Pleroma.Web, :controller

  alias Pleroma.Activity
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.RateLimiter
  alias Pleroma.Repo
  alias Pleroma.User
--- a/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/status_controller.ex
@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusController do
  alias Pleroma.Activity
  alias Pleroma.Bookmark
  alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.RateLimiter
  alias Pleroma.Repo
  alias Pleroma.ScheduledActivity
--- a/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex
@ -13,7 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.SubscriptionController do

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
  plug(:restrict_push_enabled)
-  plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["push"]})
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["push"]})

  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.SubscriptionOperation

--- a/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.SuggestionController do
  require Logger

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(Pleroma.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action == :index)
+  plug(Pleroma.Web.Plugs.OAuthScopesPlug, %{scopes: ["read"]} when action == :index)

  def open_api_operation(action) do
    operation = String.to_existing_atom("#{action}_operation")
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@ -11,7 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
  alias Pleroma.Config
  alias Pleroma.Pagination
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.RateLimiter
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
--- a/lib/pleroma/web/o_auth/o_auth_controller.ex
+++ b/lib/pleroma/web/o_auth/o_auth_controller.ex
@ -31,7 +31,10 @@ defmodule Pleroma.Web.OAuth.OAuthController do
  plug(:fetch_session)
  plug(:fetch_flash)

-  plug(:skip_plug, [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug])
+  plug(:skip_plug, [
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
+  ])

  plug(RateLimiter, [name: :authentication] when action == :create_authorization)

--- a/lib/pleroma/web/o_auth/scopes.ex
+++ b/lib/pleroma/web/o_auth/scopes.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.OAuth.Scopes do
  Functions for dealing with scopes.
  """

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug

  @doc """
  Fetch scopes from request params.
--- a/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/account_controller.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.PleromaAPI.AccountController do
    only: [json_response: 3, add_link_headers: 2, assign_account_by_id: 2]

  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.RateLimiter
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
--- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
@ -11,7 +11,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
  alias Pleroma.Chat.MessageReference
  alias Pleroma.Object
  alias Pleroma.Pagination
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI
--- a/lib/pleroma/web/pleroma_api/controllers/conversation_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/conversation_controller.ex
@ -8,7 +8,7 @@ defmodule Pleroma.Web.PleromaAPI.ConversationController do
  import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]

  alias Pleroma.Conversation.Participation
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.MastodonAPI.StatusView

--- a/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex
@ -10,7 +10,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
  plug(Pleroma.Web.ApiSpec.CastAndValidate)

  plug(
-    Pleroma.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.OAuthScopesPlug,
    %{scopes: ["write"], admin: true}
    when action in [
           :import_from_filesystem,
@ -22,8 +22,11 @@ defmodule Pleroma.Web.PleromaAPI.EmojiPackController do
         ]
  )

-  @skip_plugs [Pleroma.Plugs.OAuthScopesPlug, Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug]
-  plug(:skip_plug, @skip_plugs when action in [:index, :show, :archive])
+  @skip_plugs [
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    Pleroma.Web.Plugs.ExpectPublicOrAuthenticatedCheckPlug
+  ]
+  plug(:skip_plug, @skip_plugs when action in [:index, :archive, :show])

  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaEmojiPackOperation

--- a/lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiReactionController do

  alias Pleroma.Activity
  alias Pleroma.Object
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.MastodonAPI.StatusView

--- a/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.PleromaAPI.MascotController do
  use Pleroma.Web, :controller

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub

--- a/lib/pleroma/web/pleroma_api/controllers/notification_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/notification_controller.ex
@ -6,10 +6,14 @@ defmodule Pleroma.Web.PleromaAPI.NotificationController do
  use Pleroma.Web, :controller

  alias Pleroma.Notification
-  alias Pleroma.Plugs.OAuthScopesPlug

  plug(Pleroma.Web.ApiSpec.CastAndValidate)
-  plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :mark_as_read)
+
+  plug(
+    Pleroma.Web.Plugs.OAuthScopesPlug,
+    %{scopes: ["write:notifications"]} when action == :mark_as_read
+  )
+
  plug(:put_view, Pleroma.Web.MastodonAPI.NotificationView)

  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.PleromaNotificationOperation
--- a/lib/pleroma/web/pleroma_api/controllers/scrobble_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/scrobble_controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleController do

  import Pleroma.Web.ControllerHelper, only: [add_link_headers: 2]

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.CommonAPI
--- a/lib/pleroma/web/pleroma_api/controllers/two_factor_authentication_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/two_factor_authentication_controller.ex
@ -10,7 +10,7 @@ defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController do

  alias Pleroma.MFA
  alias Pleroma.MFA.TOTP
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.CommonAPI.Utils

  plug(OAuthScopesPlug, %{scopes: ["read:security"]} when action in [:settings])
--- a/lib/pleroma/web/plugs/authentication_plug.ex
+++ b/lib/pleroma/web/plugs/authentication_plug.ex
@ -3,7 +3,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only

 defmodule Pleroma.Plugs.AuthenticationPlug do
-  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.User

  import Plug.Conn
@ -65,7 +64,7 @@ def call(

      conn
      |> assign(:user, auth_user)
-      |> OAuthScopesPlug.skip_plug()
+      |> Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug()
    else
      conn
    end
--- a/lib/pleroma/web/plugs/legacy_authentication_plug.ex
+++ b/lib/pleroma/web/plugs/legacy_authentication_plug.ex
@ -5,7 +5,6 @@
 defmodule Pleroma.Plugs.LegacyAuthenticationPlug do
  import Plug.Conn

-  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.User

  def init(options) do
@ -29,7 +28,7 @@ def call(
      conn
      |> assign(:auth_user, user)
      |> assign(:user, user)
-      |> OAuthScopesPlug.skip_plug()
+      |> Pleroma.Web.Plugs.OAuthScopesPlug.skip_plug()
    else
      _ ->
        conn
--- a/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
+++ b/lib/pleroma/web/plugs/o_auth_scopes_plug.ex
@ -2,7 +2,7 @@
 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only

-defmodule Pleroma.Plugs.OAuthScopesPlug do
+defmodule Pleroma.Web.Plugs.OAuthScopesPlug do
  import Plug.Conn
  import Pleroma.Web.Gettext

--- a/lib/pleroma/web/twitter_api/controller.ex
+++ b/lib/pleroma/web/twitter_api/controller.ex
@ -7,7 +7,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do

  alias Pleroma.Notification
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.TwitterAPI.TokenView
--- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex
@ -10,7 +10,6 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do
  alias Pleroma.Activity
  alias Pleroma.MFA
  alias Pleroma.Object.Fetcher
-  alias Pleroma.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.Auth.Authenticator
  alias Pleroma.Web.Auth.TOTPAuthenticator
@ -22,7 +21,7 @@ defmodule Pleroma.Web.TwitterAPI.RemoteFollowController do

  # Note: follower can submit the form (with password auth) not being signed in (having no token)
  plug(
-    OAuthScopesPlug,
+    Pleroma.Web.Plugs.OAuthScopesPlug,
    %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
    when action in [:do_follow]
  )
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -11,7 +11,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  alias Pleroma.Emoji
  alias Pleroma.Healthcheck
  alias Pleroma.Notification
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.User
  alias Pleroma.Web.CommonAPI
  alias Pleroma.Web.WebFinger
--- a/test/pleroma/web/plugs/authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/authentication_plug_test.exs
@ -6,7 +6,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Plugs.AuthenticationPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.PlugHelper
  alias Pleroma.User

--- a/test/pleroma/web/plugs/legacy_authentication_plug_test.exs
+++ b/test/pleroma/web/plugs/legacy_authentication_plug_test.exs
@ -8,7 +8,7 @@ defmodule Pleroma.Web.Plugs.LegacyAuthenticationPlugTest do
  import Pleroma.Factory

  alias Pleroma.Plugs.LegacyAuthenticationPlug
-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Web.Plugs.PlugHelper
  alias Pleroma.User

--- a/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs
+++ b/test/pleroma/web/plugs/o_auth_scopes_plug_test.exs
@ -5,7 +5,7 @@
 defmodule Pleroma.Web.Plugs.OAuthScopesPlugTest do
  use Pleroma.Web.ConnCase

-  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.Plugs.OAuthScopesPlug
  alias Pleroma.Repo

  import Mock