tor plug
parent
7b97a40ec8
commit
20c521e67b
2 changed files with 51 additions and 4 deletions
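--- a/lib/philomena_web/plugs/tor_plug.ex
+++ b/lib/philomena_web/plugs/tor_plug.ex
@@ -0,0 +1,38 @@
+defmodule PhilomenaWeb.TorPlug do
+@moduledoc """
+This plug ensures that a Tor user is authenticated.
+
+## Example
+
+plug PhilomenaWeb.TorPlug
+"""
+alias PhilomenaWeb.Router.Helpers, as: Routes
+alias Phoenix.Controller
+alias Plug.Conn
+
+@doc false
+@spec init(any()) :: any()
+def init(opts), do: opts
+
+@doc false
+@spec call(Conn.t(), any()) :: Conn.t()
+def call(conn, _opts) do
+onion? = onion?(conn.host)
+user = conn.assigns.current_user
+ip = conn.remote_ip
+
+maybe_redirect(conn, user, ip, onion?)
+end
+
+def maybe_redirect(conn, nil, {127, 0, 0, 1}, true) do
+conn
+|> Controller.redirect(to: Routes.pow_session_path(conn, :new))
+|> Conn.halt()
+end
+def maybe_redirect(conn, _user, _ip, _onion?), do: conn
+
+# This is allowed, because nginx won't forward the request
+# to the appserver if the hostname isn't in a specific list
+# of allowed hostnames.
+def onion?(host), do: String.ends_with?(host, ".onion")
+end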
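Review bot: The gate in `maybe_redirect/4` fails open: it halts only when the user is nil, the Host header ends in `.onion`, and `conn.remote_ip` is exactly `{127, 0, 0, 1}`; every other combination reaches the catch-all clause and passes through. Host is client-supplied, so the guarantee rests entirely on the nginx rule described in the comment above `onion?/1`, and a local Tor-to-nginx hop over IPv6 loopback or a rewritten `remote_ip` (neither is visible here) would skip the check. Consider matching both loopback forms, `when ip in [{127, 0, 0, 1}, {0, 0, 0, 0, 0, 0, 0, 1}]`, and stating in the `@moduledoc` exactly which nginx and `remote_ip` assumptions the plug depends on. `call/2` also reads `conn.assigns.current_user` with dot access, which raises `KeyError` if no earlier plug assigned it; `conn.assigns[:current_user]` would treat that case as unauthenticated instead. `maybe_redirect/4` and `onion?/1` have no callers outside the module in this diff and could be `defp`.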
|
@ -44,6 +44,10 @@ defmodule PhilomenaWeb.Router do
|
|||
plug PhilomenaWeb.TotpPlug
|
||||
end
|
||||
|
||||
pipeline :ensure_tor_authorized do
|
||||
plug PhilomenaWeb.TorPlug
|
||||
end
|
||||
|
||||
pipeline :ensure_not_banned do
|
||||
plug PhilomenaWeb.FilterBannedUsersPlug
|
||||
end
|
||||
|
@ -54,15 +58,20 @@ defmodule PhilomenaWeb.Router do
|
|||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:browser, :ensure_totp, :ensure_not_banned]
|
||||
pipe_through [:browser, :ensure_totp, :ensure_not_banned, :ensure_tor_authorized]
|
||||
|
||||
pow_registration_routes()
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:browser, :ensure_totp]
|
||||
|
||||
|
||||
pow_session_routes()
|
||||
end
|
||||
|
||||
scope "/" do
|
||||
pipe_through [:browser, :ensure_totp, :ensure_tor_authorized]
|
||||
|
||||
pow_extension_routes()
|
||||
end
|
||||
|
||||
|
@ -85,7 +94,7 @@ defmodule PhilomenaWeb.Router do
|
|||
end
|
||||
|
||||
scope "/api/v1/json", PhilomenaWeb.Api.Json, as: :api_json do
|
||||
pipe_through [:accepts_json, :api]
|
||||
pipe_through [:accepts_json, :api, :ensure_tor_authorized]
|
||||
resources "/images", ImageController, only: [:show]
|
||||
|
||||
scope "/search", Search, as: :search do
|
||||
|
@ -270,7 +279,7 @@ defmodule PhilomenaWeb.Router do
|
|||
end
|
||||
|
||||
scope "/", PhilomenaWeb do
|
||||
pipe_through [:browser, :ensure_totp]
|
||||
pipe_through [:browser, :ensure_totp, :ensure_tor_authorized]
|
||||
|
||||
get "/", ActivityController, :index
|
||||
|
||||
|
|
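Review bot: In the `/api/v1/json` scope, `:ensure_tor_authorized` is appended after `:api`, but `TorPlug` reads `conn.assigns.current_user` and answers with a redirect to the HTML sign-in page. Whether the `:api` pipeline assigns `current_user` is not visible in these hunks; if it does not, `call/2` raises `KeyError` on every API request, and if it does, an unauthenticated onion API client receives a 302 to a login form rather than a JSON 401/403. Separately, the gate is opt-in per scope, so any scope outside these hunks that omits `:ensure_tor_authorized` stays reachable by anonymous Tor traffic. A comment above the new pipeline, e.g. `# Every scope except the session routes must pipe through this.`, would make that invariant explicit.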