Rename MobilizonWeb to Mobilizon.Web

2020-01-26 21:36:50 +01:00
parent b3f8d52bc9
commit 8856cc2f55
143 changed files with 490 additions and 490 deletions
--- a/lib/web/auth/context.ex
+++ b/lib/web/auth/context.ex
@@ -0,0 +1,29 @@
+defmodule Mobilizon.Web.Auth.Context do
+  @moduledoc """
+  Guardian context for Mobilizon.Web
+  """
+  @behaviour Plug
+
+  import Plug.Conn
+
+  alias Mobilizon.Users.User
+
+  def init(opts) do
+    opts
+  end
+
+  def call(conn, _) do
+    context = %{ip: to_string(:inet_parse.ntoa(conn.remote_ip))}
+
+    context =
+      case Guardian.Plug.current_resource(conn) do
+        %User{} = user ->
+          Map.put(context, :current_user, user)
+
+        nil ->
+          context
+      end
+
+    put_private(conn, :absinthe, %{context: context})
+  end
+end
--- a/lib/web/auth/error_handler.ex
+++ b/lib/web/auth/error_handler.ex
@@ -0,0 +1,11 @@
+defmodule Mobilizon.Web.Auth.ErrorHandler do
+  @moduledoc """
+  In case we have an auth error
+  """
+  import Plug.Conn
+
+  def auth_error(conn, {type, _reason}, _opts) do
+    body = Jason.encode!(%{message: to_string(type)})
+    send_resp(conn, 401, body)
+  end
+end
--- a/lib/web/auth/guardian.ex
+++ b/lib/web/auth/guardian.ex
@@ -0,0 +1,79 @@
+defmodule Mobilizon.Web.Auth.Guardian do
+  @moduledoc """
+  Handles the JWT tokens encoding and decoding
+  """
+
+  use Guardian,
+    otp_app: :mobilizon,
+    permissions: %{
+      superuser: [:moderate, :super],
+      user: [:base]
+    }
+
+  alias Mobilizon.Users
+  alias Mobilizon.Users.User
+
+  require Logger
+
+  def subject_for_token(%User{} = user, _claims) do
+    {:ok, "User:" <> to_string(user.id)}
+  end
+
+  def subject_for_token(_, _) do
+    {:error, :unknown_resource}
+  end
+
+  def resource_from_claims(%{"sub" => "User:" <> uid_str}) do
+    Logger.debug(fn -> "Receiving claim for user #{uid_str}" end)
+
+    try do
+      case Integer.parse(uid_str) do
+        {uid, ""} ->
+          {:ok, Users.get_user_with_actors!(uid)}
+
+        _ ->
+          {:error, :invalid_id}
+      end
+    rescue
+      Ecto.NoResultsError -> {:error, :no_result}
+    end
+  end
+
+  def resource_from_claims(_) do
+    {:error, :reason_for_error}
+  end
+
+  def after_encode_and_sign(resource, claims, token, _options) do
+    Logger.debug(fn -> "after_encode_and_sign #{inspect(claims)}" end)
+
+    with {:ok, _} <- Guardian.DB.after_encode_and_sign(resource, claims["typ"], claims, token) do
+      {:ok, token}
+    end
+  end
+
+  def on_verify(claims, token, _options) do
+    with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
+      {:ok, claims}
+    end
+  end
+
+  def on_revoke(claims, token, _options) do
+    with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
+      {:ok, claims}
+    end
+  end
+
+  def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
+    with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
+      {:ok, {old_token, old_claims}, {new_token, new_claims}}
+    end
+  end
+
+  def on_exchange(old_stuff, new_stuff, options), do: on_refresh(old_stuff, new_stuff, options)
+
+  #  def build_claims(claims, _resource, opts) do
+  #    claims = claims
+  #             |> encode_permissions_into_claims!(Keyword.get(opts, :permissions))
+  #    {:ok, claims}
+  #  end
+end
--- a/lib/web/auth/pipeline.ex
+++ b/lib/web/auth/pipeline.ex
@@ -0,0 +1,14 @@
+defmodule Mobilizon.Web.Auth.Pipeline do
+  @moduledoc """
+  Handles the app sessions
+  """
+
+  use Guardian.Plug.Pipeline,
+    otp_app: :mobilizon,
+    module: Mobilizon.Web.Auth.Guardian,
+    error_handler: Mobilizon.Web.Auth.ErrorHandler
+
+  plug(Guardian.Plug.VerifyHeader, realm: "Bearer")
+  plug(Guardian.Plug.LoadResource, allow_blank: true)
+  plug(Mobilizon.Web.Auth.Context)
+end