blob: 19f8c21c9ddfa1409aff549bd123e0a1f220a162 (
plain) (
tree)
|
|
defmodule MatrixAppServiceWeb.AuthPlug do
@moduledoc """
Implements the Application Service authorization as a Plug.
https://matrix.org/docs/spec/application_service/r0.1.2#authorization
"""
@behaviour Plug
import Plug.Conn
require Logger
@doc false
@impl Plug
def init(opts) do
opts
end
@doc false
@impl Plug
def call(%Plug.Conn{params: %{"access_token" => access_token}} = conn, homeserver_token)
when access_token == homeserver_token do
conn
end
def call(%Plug.Conn{params: %{"access_token" => _access_token}} = conn, _homeserver_token) do
Logger.warn("Received invalid homeserver token")
respond_error(conn, 403)
end
def call(conn, _opts) do
Logger.warn("No homeserver token provided")
respond_error(conn, 401)
end
defp respond_error(conn, error_code) do
conn
|> put_status(error_code)
|> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
|> Phoenix.Controller.render("#{error_code}.json")
|> halt
end
end
|