pleroma/lib/pleroma/web/mastodon_api/websocket_handler.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
  require Logger

  alias Pleroma.Repo
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Token
  alias Pleroma.Web.Streamer

  @behaviour :cowboy_websocket

  @streams [
    "public",
    "public:local",
    "public:media",
    "public:local:media",
    "user",
    "user:notification",
    "direct",
    "list",
    "hashtag"
  ]
  @anonymous_streams ["public", "public:local", "hashtag"]

  # Handled by periodic keepalive in Pleroma.Web.Streamer.Ping.
  @timeout :infinity

  def init(%{qs: qs} = req, state) do
    with params <- :cow_qs.parse_qs(qs),
         sec_websocket <- :cowboy_req.header("sec-websocket-protocol", req, nil),
         access_token <- List.keyfind(params, "access_token", 0),
         {_, stream} <- List.keyfind(params, "stream", 0),
         {:ok, user} <- allow_request(stream, [access_token, sec_websocket]),
         topic when is_binary(topic) <- expand_topic(stream, params) do
      {:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}}
    else
      {:error, code} ->
        Logger.debug("#{__MODULE__} denied connection: #{inspect(code)} - #{inspect(req)}")
        {:ok, req} = :cowboy_req.reply(code, req)
        {:ok, req, state}

      error ->
        Logger.debug("#{__MODULE__} denied connection: #{inspect(error)} - #{inspect(req)}")
        {:ok, req} = :cowboy_req.reply(400, req)
        {:ok, req, state}
    end
  end

  def websocket_init(state) do
    send(self(), :subscribe)
    {:ok, state}
  end

  # We never receive messages.
  def websocket_handle(_frame, state) do
    {:ok, state}
  end

  def websocket_info(:subscribe, state) do
    Logger.debug(
      "#{__MODULE__} accepted websocket connection for user #{
        (state.user || %{id: "anonymous"}).id
      }, topic #{state.topic}"
    )

    Streamer.add_socket(state.topic, streamer_socket(state))
    {:ok, state}
  end

  def websocket_info({:text, message}, state) do
    {:reply, {:text, message}, state}
  end

  def terminate(reason, _req, state) do
    Logger.debug(
      "#{__MODULE__} terminating websocket connection for user #{
        (state.user || %{id: "anonymous"}).id
      }, topic #{state.topic || "?"}: #{inspect(reason)}"
    )

    Streamer.remove_socket(state.topic, streamer_socket(state))
    :ok
  end

  # Public streams without authentication.
  defp allow_request(stream, [nil, nil]) when stream in @anonymous_streams do
    {:ok, nil}
  end

  # Authenticated streams.
  defp allow_request(stream, [access_token, sec_websocket]) when stream in @streams do
    token =
      with {"access_token", token} <- access_token do
        token
      else
        _ -> sec_websocket
      end

    with true <- is_bitstring(token),
         %Token{user_id: user_id} <- Repo.get_by(Token, token: token),
         user = %User{} <- User.get_cached_by_id(user_id) do
      {:ok, user}
    else
      _ -> {:error, 403}
    end
  end

  # Not authenticated.
  defp allow_request(stream, _) when stream in @streams, do: {:error, 403}

  # No matching stream.
  defp allow_request(_, _), do: {:error, 404}

  defp expand_topic("hashtag", params) do
    case List.keyfind(params, "tag", 0) do
      {_, tag} -> "hashtag:#{tag}"
      _ -> nil
    end
  end

  defp expand_topic("list", params) do
    case List.keyfind(params, "list", 0) do
      {_, list} -> "list:#{list}"
      _ -> nil
    end
  end

  defp expand_topic(topic, _), do: topic

  defp streamer_socket(state) do
    %{transport_pid: self(), assigns: state}
  end
end
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# Pleroma: A lightweight social networking server`
update copyright years to 2019 2018-12-31 16:41:47 +01:00			`# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 21:04:54 +01:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do`
			`require Logger`

de-group alias/es 2019-02-09 16:16:26 +01:00			`alias Pleroma.Repo`
			`alias Pleroma.User`
[Credo] fix Credo.Check.Readability.AliasOrder 2019-03-05 03:52:23 +01:00			`alias Pleroma.Web.OAuth.Token`
Revert "Merge branch 'revert-4fabf83a' into 'develop'" This reverts commit fe7fd331263007e0fb2877ef7370a09a9704da36, reversing changes made to 4fabf83ad01352442906d79187aeab4c777f4df8. 2019-09-16 12:03:37 +02:00			`alias Pleroma.Web.Streamer`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00
mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`@behaviour :cowboy_websocket`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00
			`@streams [`
			`"public",`
			`"public:local",`
			`"public:media",`
			`"public:local:media",`
			`"user",`
[#570] add user:notification stream 2019-06-16 12:33:25 +02:00			`"user:notification",`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`"direct",`
			`"list",`
			`"hashtag"`
			`]`
			`@anonymous_streams ["public", "public:local", "hashtag"]`

Revert "Merge branch 'revert-4fabf83a' into 'develop'" This reverts commit fe7fd331263007e0fb2877ef7370a09a9704da36, reversing changes made to 4fabf83ad01352442906d79187aeab4c777f4df8. 2019-09-16 12:03:37 +02:00			`# Handled by periodic keepalive in Pleroma.Web.Streamer.Ping.`
mastodon websocket: bring back infinity timeout 2019-02-28 17:23:24 +01:00			`@timeout :infinity`

			`def init(%{qs: qs} = req, state) do`
mastodon websocket: use pattern match to get query data, robustly handle errors 2019-02-28 17:02:48 +01:00			`with params <- :cow_qs.parse_qs(qs),`
MastoAPI Streaming: Keep compatibility with access_token 2019-07-06 20:26:08 +02:00			`sec_websocket <- :cowboy_req.header("sec-websocket-protocol", req, nil),`
			`access_token <- List.keyfind(params, "access_token", 0),`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`{_, stream} <- List.keyfind(params, "stream", 0),`
MastoAPI Streaming: Keep compatibility with access_token 2019-07-06 20:26:08 +02:00			`{:ok, user} <- allow_request(stream, [access_token, sec_websocket]),`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`topic when is_binary(topic) <- expand_topic(stream, params) do`
mastodon websocket: bring back infinity timeout 2019-02-28 17:23:24 +01:00			`{:cowboy_websocket, req, %{user: user, topic: topic}, %{idle_timeout: @timeout}}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`else`
			`{:error, code} ->`
			`Logger.debug("#{__MODULE__} denied connection: #{inspect(code)} - #{inspect(req)}")`
			`{:ok, req} = :cowboy_req.reply(code, req)`
mastodon websocket: return errors using ok, not stop 2019-02-28 17:23:55 +01:00			`{:ok, req, state}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00
			`error ->`
			`Logger.debug("#{__MODULE__} denied connection: #{inspect(error)} - #{inspect(req)}")`
mastodon websocket: use pattern match to get query data, robustly handle errors 2019-02-28 17:02:48 +01:00			`{:ok, req} = :cowboy_req.reply(400, req)`
mastodon websocket: return errors using ok, not stop 2019-02-28 17:23:55 +01:00			`{:ok, req, state}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`end`
			`end`

mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`def websocket_init(state) do`
			`send(self(), :subscribe)`
			`{:ok, state}`
			`end`

Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`# We never receive messages.`
mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`def websocket_handle(_frame, state) do`
			`{:ok, state}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`end`

mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`def websocket_info(:subscribe, state) do`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`Logger.debug(`
			`"#{__MODULE__} accepted websocket connection for user #{`
			`(state.user \|\| %{id: "anonymous"}).id`
			`}, topic #{state.topic}"`
			`)`

Revert "Merge branch 'revert-4fabf83a' into 'develop'" This reverts commit fe7fd331263007e0fb2877ef7370a09a9704da36, reversing changes made to 4fabf83ad01352442906d79187aeab4c777f4df8. 2019-09-16 12:03:37 +02:00			`Streamer.add_socket(state.topic, streamer_socket(state))`
mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`{:ok, state}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`end`

mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`def websocket_info({:text, message}, state) do`
			`{:reply, {:text, message}, state}`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`end`

mastodon api: websocket: update code for cowboy 2.x 2019-02-28 16:17:01 +01:00			`def terminate(reason, _req, state) do`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`Logger.debug(`
			`"#{__MODULE__} terminating websocket connection for user #{`
			`(state.user \|\| %{id: "anonymous"}).id`
			`}, topic #{state.topic \|\| "?"}: #{inspect(reason)}"`
			`)`

Revert "Merge branch 'revert-4fabf83a' into 'develop'" This reverts commit fe7fd331263007e0fb2877ef7370a09a9704da36, reversing changes made to 4fabf83ad01352442906d79187aeab4c777f4df8. 2019-09-16 12:03:37 +02:00			`Streamer.remove_socket(state.topic, streamer_socket(state))`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`:ok`
			`end`

			`# Public streams without authentication.`
MastoAPI Streaming: Keep compatibility with access_token 2019-07-06 20:26:08 +02:00			`defp allow_request(stream, [nil, nil]) when stream in @anonymous_streams do`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`{:ok, nil}`
			`end`

			`# Authenticated streams.`
MastoAPI Streaming: Keep compatibility with access_token 2019-07-06 20:26:08 +02:00			`defp allow_request(stream, [access_token, sec_websocket]) when stream in @streams do`
			`token =`
			`with {"access_token", token} <- access_token do`
			`token`
			`else`
			`_ -> sec_websocket`
			`end`

			`with true <- is_bitstring(token),`
			`%Token{user_id: user_id} <- Repo.get_by(Token, token: token),`
Use `User.get_cached*` everywhere 2019-04-22 09:20:43 +02:00			`user = %User{} <- User.get_cached_by_id(user_id) do`
Cowboy handler for Mastodon WebSocket 2018-12-17 14:39:59 +01:00			`{:ok, user}`
			`else`
			`_ -> {:error, 403}`
			`end`
			`end`

			`# Not authenticated.`
			`defp allow_request(stream, _) when stream in @streams, do: {:error, 403}`

			`# No matching stream.`
			`defp allow_request(_, _), do: {:error, 404}`

			`defp expand_topic("hashtag", params) do`
			`case List.keyfind(params, "tag", 0) do`
			`{_, tag} -> "hashtag:#{tag}"`
			`_ -> nil`
			`end`
			`end`

			`defp expand_topic("list", params) do`
			`case List.keyfind(params, "list", 0) do`
			`{_, list} -> "list:#{list}"`
			`_ -> nil`
			`end`
			`end`

			`defp expand_topic(topic, _), do: topic`

			`defp streamer_socket(state) do`
			`%{transport_pid: self(), assigns: state}`
			`end`
			`end`