Merge branch 'develop' into stable
Some checks are pending
ci/woodpecker/tag/build-amd64 Pipeline is pending
ci/woodpecker/tag/build-arm64 Pipeline is pending
ci/woodpecker/tag/docs Pipeline is pending
ci/woodpecker/tag/lint Pipeline is pending
ci/woodpecker/tag/test Pipeline is pending
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful

This commit is contained in:
FloatingGhost 2024-04-02 14:49:23 +01:00
commit 26a91d5c9e
9 changed files with 130 additions and 6 deletions

View file

@ -39,6 +39,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- our litepub JSON-LD schema is now served with the correct content type
- remote APNG attachments are now recognised as images
## Upgrade Notes
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
- Akkoma will refuse to start if this is not set.
- Same with media proxy.
## 2024.02
## Added

View file

@ -100,9 +100,9 @@
label: "Base URL",
type: :string,
description:
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain.",
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain - it is HIGHLY recommended that you **do not** set this to be the same as the domain akkoma is hosted on.",
suggestions: [
"https://cdn-host.com"
"https://media.akkoma.dev/media/"
]
},
%{

View file

@ -22,6 +22,7 @@
config :pleroma, :auth, oauth_consumer_strategies: []
config :pleroma, Pleroma.Upload,
base_url: "http://localhost:4001/media/",
filters: [],
link_name: false

View file

@ -602,7 +602,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
* `filters`: List of [upload filters](#upload-filters) to use.
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
* `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended.
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`.
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.

View file

@ -182,7 +182,9 @@ def warn do
check_quarantined_instances_tuples(),
check_transparency_exclusions_tuples(),
check_simple_policy_tuples(),
check_http_adapter()
check_http_adapter(),
check_uploader_base_url_set(),
check_uploader_base_url_is_not_base_domain()
]
|> Enum.reduce(:ok, fn
:ok, :ok -> :ok
@ -337,4 +339,54 @@ def check_uploders_s3_public_endpoint do
:ok
end
end
def check_uploader_base_url_set() do
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
if base_url || !uses_local_uploader? do
:ok
else
Logger.error("""
!!!WARNING!!!
Your config does not specify a base_url for uploads!
Please make the following change:\n
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
\n
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
""")
# This is a hard exit - the uploader will not work without a base_url
raise ArgumentError, message: "No base_url set for uploads - please set one in your config!"
end
end
def check_uploader_base_url_is_not_base_domain() do
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
uploader_host =
[Pleroma.Upload, :base_url]
|> Pleroma.Config.get()
|> URI.parse()
|> Map.get(:host)
akkoma_host =
[Pleroma.Web.Endpoint, :url]
|> Pleroma.Config.get()
|> Keyword.get(:host)
if uploader_host == akkoma_host && uses_local_uploader? do
Logger.error("""
!!!WARNING!!!
Your Akkoma Host and your Upload base_url's host are the same!
This can potentially be insecure!
It is HIGHLY recommended that you migrate your media uploads
to a subdomain at your earliest convenience
""")
end
# This isn't actually an error condition, just a warning
:ok
end
end

View file

@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
def project do
[
app: :pleroma,
version: version("3.12.0"),
version: version("3.12.2"),
elixir: "~> 1.14",
elixirc_paths: elixirc_paths(Mix.env()),
compilers: Mix.compilers(),

View file

@ -289,4 +289,64 @@ test "check_http_adapter/0" do
Application.put_env(:tesla, :adapter, Tesla.Mock)
end
describe "check_uploader_base_url_set/0" do
test "should error if the base_url is not set" do
clear_config([Pleroma.Upload, :base_url], nil)
# we need to capture the error
assert_raise ArgumentError, fn ->
assert capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_set()
end) =~ "Your config does not specify a base_url for uploads!"
end
end
test "should not error if the base_url is set" do
clear_config([Pleroma.Upload, :base_url], "https://example.com")
refute capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_set()
end) =~ "Your config does not specify a base_url for uploads!"
end
test "should not error if local uploader is not used" do
clear_config([Pleroma.Upload, :base_url], nil)
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
refute capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_set()
end) =~ "Your config does not specify a base_url for uploads!"
end
end
describe "check_uploader_base_url_is_not_base_domain/0" do
test "should error if the akkoma domain is the same as the upload domain" do
clear_config([Pleroma.Upload, :base_url], "http://localhost")
assert capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
end
test "should not error if the local uploader is not used" do
clear_config([Pleroma.Upload, :base_url], "http://localhost")
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
refute capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
end
test "should not error if the akkoma domain is different from the upload domain" do
clear_config([Pleroma.Upload, :base_url], "https://media.localhost")
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
refute capture_log(fn ->
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
clear_config([Pleroma.Upload, :base_url])
end
end
end

View file

@ -3,7 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
use Pleroma.DataCase
use Pleroma.DataCase, async: false
alias Pleroma.Config
alias Pleroma.Emoji
@ -60,6 +60,9 @@ defmacro mock_tesla(
emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
emoji_base_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/")
File.mkdir_p(emoji_base_path)
Emoji.reload()
message = %{

View file

@ -7,6 +7,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
alias Plug.Conn
setup_all do: clear_config([Pleroma.Upload, :base_url], nil)
describe "http security enabled" do
setup do: clear_config([:http_security, :enabled], true)