Merge branch 'frontendstatic-ignore-api-calls' into 'develop'

Filter out API calls from FrontendStatic plug

Closes #2261

See merge request pleroma/pleroma!3346

lib/pleroma/web.ex

@@ -63,7 +63,8 @@ defp skip_plug(conn, plug_modules) do
 
       # Executed just before actual controller action, invokes before-action hooks (callbacks)
       defp action(conn, params) do
-        with %{halted: false} = conn <- maybe_drop_authentication_if_oauth_check_ignored(conn),
+        with %{halted: false} = conn <-
+               maybe_drop_authentication_if_oauth_check_ignored(conn),
              %{halted: false} = conn <- maybe_perform_public_or_authenticated_check(conn),
              %{halted: false} = conn <- maybe_perform_authenticated_check(conn),
              %{halted: false} = conn <- maybe_halt_on_missing_oauth_scopes_check(conn) do
@@ -232,4 +233,16 @@ defmacro __using__(which) when is_atom(which) do
   def base_url do
     Pleroma.Web.Endpoint.url()
   end
+
+  # TODO: Change to Phoenix.Router.routes/1 for Phoenix 1.6.0+
+  def get_api_routes do
+    Pleroma.Web.Router.__routes__()
+    |> Enum.reject(fn r -> r.plug == Pleroma.Web.Fallback.RedirectController end)
+    |> Enum.map(fn r ->
+      r.path
+      |> String.split("/", trim: true)
+      |> List.first()
+    end)
+    |> Enum.uniq()
+  end
 end

lib/pleroma/web/plugs/frontend_static.ex

@@ -10,6 +10,8 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
   """
   @behaviour Plug
 
+  @api_routes Pleroma.Web.get_api_routes()
+
   def file_path(path, frontend_type \\ :primary) do
     if configuration = Pleroma.Config.get([:frontends, frontend_type]) do
       instance_static_path = Pleroma.Config.get([:instance, :static_dir], "instance/static")
@@ -34,7 +36,8 @@ def init(opts) do
   end
 
   def call(conn, opts) do
-    with false <- invalid_path?(conn.path_info),
+    with false <- api_route?(conn.path_info),
+         false <- invalid_path?(conn.path_info),
          frontend_type <- Map.get(opts, :frontend_type, :primary),
          path when not is_nil(path) <- file_path("", frontend_type) do
       call_static(conn, opts, path)
@@ -52,6 +55,10 @@ defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true
   defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t)
   defp invalid_path?([], _match), do: false
 
+  defp api_route?([h | _]) when h in @api_routes, do: true
+  defp api_route?([_ | t]), do: api_route?(t)
+  defp api_route?([]), do: false
+
   defp call_static(conn, opts, from) do
     opts = Map.put(opts, :from, from)
     Plug.Static.call(conn, opts)

test/pleroma/web/plugs/frontend_static_plug_test.exs

@@ -74,4 +74,35 @@ test "exclude invalid path", %{conn: conn} do
       assert %Plug.Conn{status: :success} = get(conn, url)
     end
   end
+
+  test "api routes are detected correctly" do
+    # If this test fails we have probably added something
+    # new that should be in /api/ instead
+    expected_routes = [
+      "api",
+      "main",
+      "ostatus_subscribe",
+      "oauth",
+      "objects",
+      "activities",
+      "notice",
+      "users",
+      "tags",
+      "mailer",
+      "inbox",
+      "relay",
+      "internal",
+      ".well-known",
+      "nodeinfo",
+      "web",
+      "auth",
+      "embed",
+      "proxy",
+      "test",
+      "user_exists",
+      "check_password"
+    ]
+
+    assert expected_routes == Pleroma.Web.get_api_routes()
+  end
 end