Merge branch 'develop' into stable
Some checks are pending
ci/woodpecker/tag/build-amd64 Pipeline is pending
ci/woodpecker/tag/build-arm64 Pipeline is pending
ci/woodpecker/tag/docs Pipeline is pending
ci/woodpecker/tag/lint Pipeline is pending
ci/woodpecker/tag/test Pipeline is pending
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
Some checks are pending
ci/woodpecker/tag/build-amd64 Pipeline is pending
ci/woodpecker/tag/build-arm64 Pipeline is pending
ci/woodpecker/tag/docs Pipeline is pending
ci/woodpecker/tag/lint Pipeline is pending
ci/woodpecker/tag/test Pipeline is pending
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/build-arm64 Pipeline was successful
ci/woodpecker/push/build-amd64 Pipeline was successful
ci/woodpecker/push/docs Pipeline was successful
This commit is contained in:
commit
26a91d5c9e
9 changed files with 130 additions and 6 deletions
|
@ -39,6 +39,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- our litepub JSON-LD schema is now served with the correct content type
|
||||
- remote APNG attachments are now recognised as images
|
||||
|
||||
## Upgrade Notes
|
||||
|
||||
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
|
||||
- Akkoma will refuse to start if this is not set.
|
||||
- Same with media proxy.
|
||||
|
||||
## 2024.02
|
||||
|
||||
## Added
|
||||
|
|
|
@ -100,9 +100,9 @@
|
|||
label: "Base URL",
|
||||
type: :string,
|
||||
description:
|
||||
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain.",
|
||||
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain - it is HIGHLY recommended that you **do not** set this to be the same as the domain akkoma is hosted on.",
|
||||
suggestions: [
|
||||
"https://cdn-host.com"
|
||||
"https://media.akkoma.dev/media/"
|
||||
]
|
||||
},
|
||||
%{
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
config :pleroma, :auth, oauth_consumer_strategies: []
|
||||
|
||||
config :pleroma, Pleroma.Upload,
|
||||
base_url: "http://localhost:4001/media/",
|
||||
filters: [],
|
||||
link_name: false
|
||||
|
||||
|
|
|
@ -602,7 +602,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
|
|||
* `filters`: List of [upload filters](#upload-filters) to use.
|
||||
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
|
||||
* `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
|
||||
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended.
|
||||
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`.
|
||||
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
|
||||
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
||||
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
||||
|
|
|
@ -182,7 +182,9 @@ def warn do
|
|||
check_quarantined_instances_tuples(),
|
||||
check_transparency_exclusions_tuples(),
|
||||
check_simple_policy_tuples(),
|
||||
check_http_adapter()
|
||||
check_http_adapter(),
|
||||
check_uploader_base_url_set(),
|
||||
check_uploader_base_url_is_not_base_domain()
|
||||
]
|
||||
|> Enum.reduce(:ok, fn
|
||||
:ok, :ok -> :ok
|
||||
|
@ -337,4 +339,54 @@ def check_uploders_s3_public_endpoint do
|
|||
:ok
|
||||
end
|
||||
end
|
||||
|
||||
def check_uploader_base_url_set() do
|
||||
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
|
||||
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
|
||||
|
||||
if base_url || !uses_local_uploader? do
|
||||
:ok
|
||||
else
|
||||
Logger.error("""
|
||||
!!!WARNING!!!
|
||||
Your config does not specify a base_url for uploads!
|
||||
Please make the following change:\n
|
||||
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
|
||||
\n
|
||||
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
|
||||
""")
|
||||
|
||||
# This is a hard exit - the uploader will not work without a base_url
|
||||
raise ArgumentError, message: "No base_url set for uploads - please set one in your config!"
|
||||
end
|
||||
end
|
||||
|
||||
def check_uploader_base_url_is_not_base_domain() do
|
||||
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
|
||||
|
||||
uploader_host =
|
||||
[Pleroma.Upload, :base_url]
|
||||
|> Pleroma.Config.get()
|
||||
|> URI.parse()
|
||||
|> Map.get(:host)
|
||||
|
||||
akkoma_host =
|
||||
[Pleroma.Web.Endpoint, :url]
|
||||
|> Pleroma.Config.get()
|
||||
|> Keyword.get(:host)
|
||||
|
||||
if uploader_host == akkoma_host && uses_local_uploader? do
|
||||
Logger.error("""
|
||||
!!!WARNING!!!
|
||||
Your Akkoma Host and your Upload base_url's host are the same!
|
||||
This can potentially be insecure!
|
||||
|
||||
It is HIGHLY recommended that you migrate your media uploads
|
||||
to a subdomain at your earliest convenience
|
||||
""")
|
||||
end
|
||||
|
||||
# This isn't actually an error condition, just a warning
|
||||
:ok
|
||||
end
|
||||
end
|
||||
|
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
|||
def project do
|
||||
[
|
||||
app: :pleroma,
|
||||
version: version("3.12.0"),
|
||||
version: version("3.12.2"),
|
||||
elixir: "~> 1.14",
|
||||
elixirc_paths: elixirc_paths(Mix.env()),
|
||||
compilers: Mix.compilers(),
|
||||
|
|
|
@ -289,4 +289,64 @@ test "check_http_adapter/0" do
|
|||
|
||||
Application.put_env(:tesla, :adapter, Tesla.Mock)
|
||||
end
|
||||
|
||||
describe "check_uploader_base_url_set/0" do
|
||||
test "should error if the base_url is not set" do
|
||||
clear_config([Pleroma.Upload, :base_url], nil)
|
||||
|
||||
# we need to capture the error
|
||||
assert_raise ArgumentError, fn ->
|
||||
assert capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_set()
|
||||
end) =~ "Your config does not specify a base_url for uploads!"
|
||||
end
|
||||
end
|
||||
|
||||
test "should not error if the base_url is set" do
|
||||
clear_config([Pleroma.Upload, :base_url], "https://example.com")
|
||||
|
||||
refute capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_set()
|
||||
end) =~ "Your config does not specify a base_url for uploads!"
|
||||
end
|
||||
|
||||
test "should not error if local uploader is not used" do
|
||||
clear_config([Pleroma.Upload, :base_url], nil)
|
||||
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
|
||||
|
||||
refute capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_set()
|
||||
end) =~ "Your config does not specify a base_url for uploads!"
|
||||
end
|
||||
end
|
||||
|
||||
describe "check_uploader_base_url_is_not_base_domain/0" do
|
||||
test "should error if the akkoma domain is the same as the upload domain" do
|
||||
clear_config([Pleroma.Upload, :base_url], "http://localhost")
|
||||
|
||||
assert capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||
end
|
||||
|
||||
test "should not error if the local uploader is not used" do
|
||||
clear_config([Pleroma.Upload, :base_url], "http://localhost")
|
||||
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
|
||||
|
||||
refute capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||
end
|
||||
|
||||
test "should not error if the akkoma domain is different from the upload domain" do
|
||||
clear_config([Pleroma.Upload, :base_url], "https://media.localhost")
|
||||
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
|
||||
|
||||
refute capture_log(fn ->
|
||||
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||
|
||||
clear_config([Pleroma.Upload, :base_url])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
||||
use Pleroma.DataCase
|
||||
use Pleroma.DataCase, async: false
|
||||
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Emoji
|
||||
|
@ -60,6 +60,9 @@ defmacro mock_tesla(
|
|||
|
||||
emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
|
||||
|
||||
emoji_base_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/")
|
||||
File.mkdir_p(emoji_base_path)
|
||||
|
||||
Emoji.reload()
|
||||
|
||||
message = %{
|
||||
|
|
|
@ -7,6 +7,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
|
|||
|
||||
alias Plug.Conn
|
||||
|
||||
setup_all do: clear_config([Pleroma.Upload, :base_url], nil)
|
||||
|
||||
describe "http security enabled" do
|
||||
setup do: clear_config([:http_security, :enabled], true)
|
||||
|
||||
|
|
Loading…
Reference in a new issue