MastoAPI Streaming: Keep compatibility with access_token

This commit is contained in:
Haelwenn (lanodan) Monnier 2019-07-06 20:26:08 +02:00
parent a7885748c7
commit e174614eb9
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE
2 changed files with 15 additions and 5 deletions

View file

@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)
- Admin API: Return users' tags when querying reports
- Admin API: Return avatar and display name when querying users
- Mastodon API, streaming: Add support for passing the token in the `Sec-WebSocket-Protocol` header
### Fixed
- Not being able to pin unlisted posts

View file

@ -29,9 +29,10 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
def init(%{qs: qs} = req, state) do
with params <- :cow_qs.parse_qs(qs),
access_token <- :cowboy_req.header("sec-websocket-protocol", req, 0),
sec_websocket <- :cowboy_req.header("sec-websocket-protocol", req, nil),
access_token <- List.keyfind(params, "access_token", 0),
{_, stream} <- List.keyfind(params, "stream", 0),
{:ok, user} <- allow_request(stream, access_token),
{:ok, user} <- allow_request(stream, [access_token, sec_websocket]),
topic when is_binary(topic) <- expand_topic(stream, params) do
{:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}}
else
@ -84,13 +85,21 @@ def terminate(reason, _req, state) do
end
# Public streams without authentication.
defp allow_request(stream, nil) when stream in @anonymous_streams do
defp allow_request(stream, [nil, nil]) when stream in @anonymous_streams do
{:ok, nil}
end
# Authenticated streams.
defp allow_request(stream, access_token) when stream in @streams do
with %Token{user_id: user_id} <- Repo.get_by(Token, token: access_token),
defp allow_request(stream, [access_token, sec_websocket]) when stream in @streams do
token =
with {"access_token", token} <- access_token do
token
else
_ -> sec_websocket
end
with true <- is_bitstring(token),
%Token{user_id: user_id} <- Repo.get_by(Token, token: token),
user = %User{} <- User.get_cached_by_id(user_id) do
{:ok, user}
else