mastodon-glitch/app/controllers/concerns/web_app_controller_concern.rb

# frozen_string_literal: true

module WebAppControllerConcern
  extend ActiveSupport::Concern

  included do
    vary_by 'Accept, Accept-Language, Cookie'

    before_action :redirect_unauthenticated_to_permalinks!
    before_action :set_app_body_class

    content_security_policy do |p|
      policy = ContentSecurityPolicy.new

      if policy.sso_host.present?
        p.form_action policy.sso_host, -> { "https://#{request.host}/auth/auth/" }
      else
        p.form_action :none
      end
    end
  end

  def skip_csrf_meta_tags?
    !(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
  end

  def set_app_body_class
    @body_classes = 'app-body'
  end

  def redirect_unauthenticated_to_permalinks!
    return if user_signed_in? # NOTE: Different from upstream because we allow moved users to log in

    permalink_redirector = PermalinkRedirector.new(request.original_fullpath)
    return if permalink_redirector.redirect_path.blank?

    expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?

    respond_to do |format|
      format.html do
        redirect_to(permalink_redirector.redirect_confirmation_path, allow_other_host: false)
      end

      format.json do
        redirect_to(permalink_redirector.redirect_uri, allow_other_host: true)
      end
    end
  end
end
Change public statuses pages to mount the web UI (#19301) 2022-10-06 00:26:34 +00:00			`# frozen_string_literal: true`

			`module WebAppControllerConcern`
			`extend ActiveSupport::Concern`

			`included do`
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2023-04-23 20:27:24 +00:00			`vary_by 'Accept, Accept-Language, Cookie'`
Fix Vary headers not being set on some redirects (#27272) 2023-10-05 07:50:08 +00:00
			`before_action :redirect_unauthenticated_to_permalinks!`
Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00			`before_action :set_app_body_class`
Change form-action Content-Security-Policy directive to be more restrictive (#26897) 2024-09-12 13:24:19 +00:00
			`content_security_policy do \|p\|`
			`policy = ContentSecurityPolicy.new`

			`if policy.sso_host.present?`
Fix Content-Security-Policy when using sso-redirect (#32241) 2024-10-04 08:50:36 +00:00			`p.form_action policy.sso_host, -> { "https://#{request.host}/auth/auth/" }`
Change form-action Content-Security-Policy directive to be more restrictive (#26897) 2024-09-12 13:24:19 +00:00			`else`
			`p.form_action :none`
			`end`
			`end`
Change public statuses pages to mount the web UI (#19301) 2022-10-06 00:26:34 +00:00			`end`

Fix anonymous visitors getting a session cookie on first visit (#24584) 2023-04-25 14:51:38 +00:00			`def skip_csrf_meta_tags?`
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857) 2023-09-12 11:04:51 +00:00			`!(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?`
Change public statuses pages to mount the web UI (#19301) 2022-10-06 00:26:34 +00:00			`end`

Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00			`def set_app_body_class`
Change public statuses pages to mount the web UI (#19301) 2022-10-06 00:26:34 +00:00			`@body_classes = 'app-body'`
			`end`

Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00			`def redirect_unauthenticated_to_permalinks!`
Merge branch 'main' into glitch-soc/merge-upstream Conflicts: - `README.md`: Upstream updated its README, while we have a completely different one. Kept our README. - `app/controllers/concerns/web_app_controller_concern.rb`: Conflict because of glitch-soc's theming system. Additionally, glitch-soc has different behavior regarding moved accounts. Ported some of the changes, but kept our overall behavior. - `app/javascript/packs/admin.js`: Code changes actually applied to `app/javascript/core/admin.js` 2023-01-05 13:16:25 +00:00			`return if user_signed_in? # NOTE: Different from upstream because we allow moved users to log in`
Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00
Fix search params being dropped when redirected to non-deck path (#31984) 2024-09-25 13:35:37 +00:00			`permalink_redirector = PermalinkRedirector.new(request.original_fullpath)`
Add confirmation when redirecting logged-out requests to permalink (#27792) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2024-01-24 10:49:19 +00:00			`return if permalink_redirector.redirect_path.blank?`
Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00
Fix Vary headers not being set on some redirects (#27272) 2023-10-05 07:50:08 +00:00			`expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?`
Add confirmation when redirecting logged-out requests to permalink (#27792) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2024-01-24 10:49:19 +00:00
			`respond_to do \|format\|`
			`format.html do`
			`redirect_to(permalink_redirector.redirect_confirmation_path, allow_other_host: false)`
			`end`

			`format.json do`
			`redirect_to(permalink_redirector.redirect_uri, allow_other_host: true)`
			`end`
			`end`
Change public accounts pages to mount the web UI (#19319) * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI 2022-10-20 12:35:29 +00:00			`end`
Change public statuses pages to mount the web UI (#19301) 2022-10-06 00:26:34 +00:00			`end`