From 9566b9b73fa236b9bb638ad76e7a1f6e6a2e6443 Mon Sep 17 00:00:00 2001
From: Liam <byteslice@airmail.cc>
Date: Sat, 27 Apr 2024 22:58:43 -0400
Subject: [PATCH] Add verified routes to web

---
 lib/philomena_web.ex                              | 15 +++++++++++++++
 .../controllers/channel_controller.ex             | 10 +++++-----
 lib/philomena_web/plugs/tor_plug.ex               |  2 ++
 lib/philomena_web/plugs/totp_plug.ex              |  1 +
 lib/philomena_web/user_auth.ex                    |  2 ++
 test/support/conn_case.ex                         |  2 ++
 6 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/lib/philomena_web.ex b/lib/philomena_web.ex
index 8831505b..4a8fbcb8 100644
--- a/lib/philomena_web.ex
+++ b/lib/philomena_web.ex
@@ -17,6 +17,8 @@ defmodule PhilomenaWeb do
   and import those modules here.
   """
 
+  def static_paths, do: ~w(assets images favicon.ico favicon.svg robots.txt)
+
   def controller do
     quote do
       use Phoenix.Controller, namespace: PhilomenaWeb
@@ -26,6 +28,8 @@ defmodule PhilomenaWeb do
       import Canary.Plugs
       import PhilomenaWeb.ModerationLogPlug, only: [moderation_log: 2]
       alias PhilomenaWeb.Router.Helpers, as: Routes
+
+      unquote(verified_routes())
     end
   end
 
@@ -47,6 +51,8 @@ defmodule PhilomenaWeb do
 
       # Wrong way around for convenience
       import PhilomenaWeb.AppView
+
+      unquote(verified_routes())
     end
   end
 
@@ -65,6 +71,15 @@ defmodule PhilomenaWeb do
     end
   end
 
+  def verified_routes do
+    quote do
+      use Phoenix.VerifiedRoutes,
+        endpoint: PhilomenaWeb.Endpoint,
+        router: PhilomenaWeb.Router,
+        statics: PhilomenaWeb.static_paths()
+    end
+  end
+
   @doc """
   When used, dispatch to the appropriate controller/view/etc.
   """
diff --git a/lib/philomena_web/controllers/channel_controller.ex b/lib/philomena_web/controllers/channel_controller.ex
index 24684dc4..973017d3 100644
--- a/lib/philomena_web/controllers/channel_controller.ex
+++ b/lib/philomena_web/controllers/channel_controller.ex
@@ -39,7 +39,7 @@ defmodule PhilomenaWeb.ChannelController do
 
     if user, do: Channels.clear_notification(channel, user)
 
-    redirect(conn, external: url(channel))
+    redirect(conn, external: channel_url(channel))
   end
 
   def new(conn, _params) do
@@ -101,15 +101,15 @@ defmodule PhilomenaWeb.ChannelController do
   defp maybe_show_nsfw(query, true), do: query
   defp maybe_show_nsfw(query, _falsy), do: where(query, [c], c.nsfw == false)
 
-  defp url(%{type: "LivestreamChannel", short_name: short_name}),
+  defp channel_url(%{type: "LivestreamChannel", short_name: short_name}),
     do: "http://www.livestream.com/#{short_name}"
 
-  defp url(%{type: "PicartoChannel", short_name: short_name}),
+  defp channel_url(%{type: "PicartoChannel", short_name: short_name}),
     do: "https://picarto.tv/#{short_name}"
 
-  defp url(%{type: "PiczelChannel", short_name: short_name}),
+  defp channel_url(%{type: "PiczelChannel", short_name: short_name}),
     do: "https://piczel.tv/watch/#{short_name}"
 
-  defp url(%{type: "TwitchChannel", short_name: short_name}),
+  defp channel_url(%{type: "TwitchChannel", short_name: short_name}),
     do: "https://www.twitch.tv/#{short_name}"
 end
diff --git a/lib/philomena_web/plugs/tor_plug.ex b/lib/philomena_web/plugs/tor_plug.ex
index 1cd51f70..8e6cc4e3 100644
--- a/lib/philomena_web/plugs/tor_plug.ex
+++ b/lib/philomena_web/plugs/tor_plug.ex
@@ -7,6 +7,8 @@ defmodule PhilomenaWeb.TorPlug do
       plug PhilomenaWeb.TorPlug
   """
   alias PhilomenaWeb.Router.Helpers, as: Routes
+  use PhilomenaWeb, :verified_routes
+
   alias Phoenix.Controller
   alias Plug.Conn
 
diff --git a/lib/philomena_web/plugs/totp_plug.ex b/lib/philomena_web/plugs/totp_plug.ex
index 9d8665c9..30f87378 100644
--- a/lib/philomena_web/plugs/totp_plug.ex
+++ b/lib/philomena_web/plugs/totp_plug.ex
@@ -8,6 +8,7 @@ defmodule PhilomenaWeb.TotpPlug do
   """
 
   alias PhilomenaWeb.Router.Helpers, as: Routes
+  use PhilomenaWeb, :verified_routes
 
   @doc false
   @spec init(any()) :: any()
diff --git a/lib/philomena_web/user_auth.ex b/lib/philomena_web/user_auth.ex
index 84b79a70..af7166cf 100644
--- a/lib/philomena_web/user_auth.ex
+++ b/lib/philomena_web/user_auth.ex
@@ -7,6 +7,8 @@ defmodule PhilomenaWeb.UserAuth do
   alias PhilomenaWeb.UserIpUpdater
   alias PhilomenaWeb.UserFingerprintUpdater
 
+  use PhilomenaWeb, :verified_routes
+
   # Make the remember me cookie valid for 365 days.
   # If you want bump or reduce this value, also change
   # the token expiry itself in UserToken.
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index aafac224..151ed056 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -25,6 +25,8 @@ defmodule PhilomenaWeb.ConnCase do
 
       # The default endpoint for testing
       @endpoint PhilomenaWeb.Endpoint
+
+      use PhilomenaWeb, :verified_routes
     end
   end