1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Endpoint do
6 use Phoenix.Endpoint, otp_app: :pleroma
8 require Pleroma.Constants
12 socket("/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler,
17 error_handler: {Pleroma.Web.MastodonAPI.WebsocketHandler, :handle_error, []},
22 socket("/socket", Pleroma.Web.UserSocket,
26 {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
27 {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
37 socket("/live", Phoenix.LiveView.Socket)
39 plug(Plug.Telemetry, event_prefix: [:phoenix, :endpoint])
41 plug(Pleroma.Web.Plugs.SetLocalePlug)
43 plug(Pleroma.Web.Plugs.HTTPSecurityPlug)
44 plug(Pleroma.Web.Plugs.UploadedMedia)
46 @static_cache_control "public, max-age=1209600"
47 @static_cache_disabled "public, no-cache"
49 # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
50 # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
51 # Cache-control headers are duplicated in case we turn off etags in the future
53 Pleroma.Web.Plugs.InstanceStatic,
56 only: ["emoji", "images"],
58 cache_control_for_etags: @static_cache_control,
60 "cache-control" => @static_cache_control
64 plug(Pleroma.Web.Plugs.InstanceStatic,
67 cache_control_for_etags: @static_cache_disabled,
69 "cache-control" => @static_cache_disabled
73 plug(Pleroma.Web.Plugs.FrontendStatic,
75 frontend_type: :primary,
78 cache_control_for_etags: @static_cache_disabled,
80 "cache-control" => @static_cache_disabled
84 plug(Pleroma.Web.Plugs.FrontendStatic,
86 frontend_type: :primary,
88 cache_control_for_etags: @static_cache_control,
90 "cache-control" => @static_cache_control
94 plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")
96 plug(Pleroma.Web.Plugs.FrontendStatic,
98 frontend_type: :admin,
100 cache_control_for_etags: @static_cache_disabled,
102 "cache-control" => @static_cache_disabled
106 # Serve at "/" the static files from "priv/static" directory.
108 # You should set gzip to true if you are running phoenix.digest
109 # when deploying your static files in production.
114 only: Pleroma.Constants.static_only_files(),
115 # credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
117 cache_control_for_etags: @static_cache_disabled,
119 "cache-control" => @static_cache_disabled
124 at: "/pleroma/admin/",
125 from: {:pleroma, "priv/static/adminfe/"}
128 # Code reloading can be explicitly enabled under the
129 # :code_reloader configuration of your endpoint.
130 if code_reloading? do
131 plug(Phoenix.CodeReloader)
134 plug(Pleroma.Web.Plugs.TrailingFormatPlug)
136 plug(Plug.Logger, log: :debug)
139 parsers: [:urlencoded, Pleroma.Web.Multipart, :json],
142 # Note: this is compile-time only, won't work for database-config
143 length: Config.get([:instance, :upload_limit]),
144 body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []}
147 plug(Plug.MethodOverride)
150 secure_cookies = Config.get([__MODULE__, :secure_cookie_flag])
154 do: "__Host-pleroma_key",
158 Config.get([__MODULE__, :extra_cookie_attrs])
161 # The session will be stored in the cookie and signed,
162 # this means its contents can be read but not tampered with.
163 # Set :encryption_salt if you would also like to encrypt it.
168 signing_salt: Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
170 secure: secure_cookies,
174 plug(Pleroma.Web.Plugs.RemoteIp)
176 plug(Pleroma.Web.Router)
179 Dynamically loads configuration from the system environment
182 It receives the endpoint configuration from the config files
183 and must return the updated configuration.
185 def load_from_system_env(config) do
186 port = System.get_env("PORT") || raise "expected the PORT environment variable to be set"
187 {:ok, Keyword.put(config, :http, [:inet6, port: port])}
191 String.replace_leading(url(), "http", "ws")