Add extra warnings if the uploader is on the same domain as the main application
parent
2d439034ca
commit
4cd299bd83
2 changed files with 56 additions and 1 deletions
|
@ -39,6 +39,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- our litepub JSON-LD schema is now served with the correct content type
|
||||
- remote APNG attachments are now recognised as images
|
||||
|
||||
## Upgrade Notes
|
||||
|
||||
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
|
||||
- Same with media proxy.
|
||||
|
||||
## 2024.02
|
||||
|
||||
## Added
|
||||
|
|
|
@ -182,7 +182,9 @@ def warn do
|
|||
check_quarantined_instances_tuples(),
|
||||
check_transparency_exclusions_tuples(),
|
||||
check_simple_policy_tuples(),
|
||||
check_http_adapter()
|
||||
check_http_adapter(),
|
||||
check_uploader_base_url_set(),
|
||||
check_uploader_base_url_is_not_base_domain()
|
||||
]
|
||||
|> Enum.reduce(:ok, fn
|
||||
:ok, :ok -> :ok
|
||||
|
@ -337,4 +339,52 @@ def check_uploders_s3_public_endpoint do
|
|||
:ok
|
||||
end
|
||||
end
|
||||
|
||||
def check_uploader_base_url_set() do
|
||||
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
|
||||
|
||||
if base_url do
|
||||
:ok
|
||||
else
|
||||
Logger.error("""
|
||||
!!!WARNING!!!
|
||||
Your config does not specify a base_url for uploads!
|
||||
Please make the following change:\n
|
||||
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
|
||||
\n
|
||||
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
|
||||
""")
|
||||
|
||||
:error
|
||||
end
|
||||
end
|
||||
|
||||
def check_uploader_base_url_is_not_base_domain() do
|
||||
uploader_host =
|
||||
[Pleroma.Upload, :base_url]
|
||||
|> Pleroma.Config.get()
|
||||
|> URI.parse()
|
||||
|> Map.get(:host)
|
||||
|
||||
akkoma_host =
|
||||
[Pleroma.Web.Endpoint, :url]
|
||||
|> Pleroma.Config.get()
|
||||
|> IO.inspect()
|
||||
|> Keyword.get(:host)
|
||||
|
||||
if uploader_host == akkoma_host do
|
||||
Logger.error("""
|
||||
!!!WARNING!!!
|
||||
Your Akkoma Host and your Upload base_url's host are the same!
|
||||
This can potentially be insecure!
|
||||
|
||||
It is HIGHLY recommended that you migrate your media uploads
|
||||
to a subdomain at your earliest convenience
|
||||
""")
|
||||
|
||||
:error
|
||||
else
|
||||
:ok
|
||||
end
|
||||
end
|
||||
end
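Review bot: `check_uploader_base_url_is_not_base_domain/0` pipes `Pleroma.Config.get([Pleroma.Upload, :base_url])` straight into `URI.parse/1`, which has no clause for `nil`. On an instance without `base_url`, the list built in `warn` would therefore raise a `FunctionClauseError` just after `check_uploader_base_url_set/0` logged its message, instead of yielding `:error`. Reading the value first and parsing only a binary, e.g. `uploader_host = if is_binary(base_url), do: URI.parse(base_url).host`, keeps the two checks independent. The `|> IO.inspect()` in the `akkoma_host` pipeline looks like leftover debugging that prints the whole endpoint `:url` keyword list each time the check runs, so it should be dropped. The example in the first heredoc is missing its closing quote (`base_url: "https://example.com/media/"`), and the same-host message would serve operators better if it gave the reason: uploaded files served from the application's own host are treated by browsers as same-origin content.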
|
||||
|
|