philomena/lib/philomena_web/plugs/tor_plug.ex

40 lines
900 B
Elixir
Raw Normal View History

2019-12-23 19:57:14 +01:00
defmodule PhilomenaWeb.TorPlug do
@moduledoc """
This plug ensures that a Tor user is authenticated.
## Example
plug PhilomenaWeb.TorPlug
"""
2024-04-28 04:58:43 +02:00
use PhilomenaWeb, :verified_routes
2019-12-23 19:57:14 +01:00
alias Phoenix.Controller
alias Plug.Conn
@doc false
@spec init(any()) :: any()
def init(opts), do: opts
@doc false
@spec call(Conn.t(), any()) :: Conn.t()
def call(conn, _opts) do
onion? = onion?(conn.host)
user = conn.assigns.current_user
2023-03-30 18:44:12 +02:00
maybe_redirect(conn, user, onion?)
2019-12-23 19:57:14 +01:00
end
2023-03-30 18:44:12 +02:00
def maybe_redirect(conn, nil, true) do
2019-12-23 19:57:14 +01:00
conn
2024-06-06 22:28:35 +02:00
|> Controller.redirect(to: ~p"/sessions/new")
2019-12-23 19:57:14 +01:00
|> Conn.halt()
end
2020-01-11 05:20:19 +01:00
2023-03-30 18:44:12 +02:00
def maybe_redirect(conn, _user, _onion?), do: conn
2019-12-23 19:57:14 +01:00
# This is allowed, because nginx won't forward the request
# to the appserver if the hostname isn't in a specific list
# of allowed hostnames.
def onion?(host), do: String.ends_with?(host, ".onion")
end