From 3a4773c3c2bd0bbef244eb519b07208da9108e49 Mon Sep 17 00:00:00 2001
From: dcc <dcc@logografos.com>
Date: Sat, 2 Sep 2023 00:52:52 -0700
Subject: First

---
 .../web/plugs/ensure_user_token_assigns_plug.ex    | 41 ++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex

(limited to 'lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex')

diff --git a/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex
new file mode 100644
index 0000000..5c57d27
--- /dev/null
+++ b/lib/pleroma/web/plugs/ensure_user_token_assigns_plug.ex
@@ -0,0 +1,41 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug do
+  import Plug.Conn
+
+  alias Pleroma.Helpers.AuthHelper
+  alias Pleroma.User
+  alias Pleroma.Web.OAuth.Token
+
+  @moduledoc "Ensures presence and consistency of :user and :token assigns."
+
+  def init(opts) do
+    opts
+  end
+
+  def call(%{assigns: %{user: %User{id: user_id}} = assigns} = conn, _) do
+    with %Token{user_id: ^user_id} <- assigns[:token] do
+      conn
+    else
+      %Token{} ->
+        # A safety net for abnormal (unexpected) scenario: :token belongs to another user
+        AuthHelper.drop_auth_info(conn)
+
+      _ ->
+        assign(conn, :token, nil)
+    end
+  end
+
+  # App-bound token case (obtained with client_id and client_secret)
+  def call(%{assigns: %{token: %Token{user_id: nil}}} = conn, _) do
+    assign(conn, :user, nil)
+  end
+
+  def call(conn, _) do
+    conn
+    |> assign(:user, nil)
+    |> assign(:token, nil)
+  end
+end
-- 
cgit v1.2.3