blob: ee431aa1ba2b27168e507087056628a4f2868ac2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
defmodule MatrixAppServiceWeb.AuthPlug do
@moduledoc """
Implements the Application Service authorization as a Plug.
https://matrix.org/docs/spec/application_service/r0.1.2#authorization
"""
@behaviour Plug
import Plug.Conn
require Logger
@doc false
@impl Plug
def init(homeserver_token) do
homeserver_token
end
@doc false
@impl Plug
def call(%Plug.Conn{params: %{"access_token" => access_token}} = conn, homeserver_token)
when is_binary(homeserver_token) do
verify_access_token(conn, homeserver_token)
end
def call(%Plug.Conn{params: %{"access_token" => access_token}} = conn, homeserver_token)
when is_function(homeserver_token, 0) do
verify_access_token(conn, homeserver_token.())
end
def call(conn, _opts) do
Logger.warn("No homeserver token provided")
respond_error(conn, 401)
end
defp verify_access_token(
%Plug.Conn{params: %{"access_token" => access_token}} = conn,
homeserver_token
)
when access_token == homeserver_token do
conn
end
defp verify_access_token(conn, _homeserver_token) do
Logger.warn("Received invalid homeserver token")
respond_error(conn, 403)
end
defp respond_error(conn, error_code) do
conn
|> put_status(error_code)
|> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
|> Phoenix.Controller.render("#{error_code}.json")
|> halt
end
end
|