Add extra warnings if the uploader is on the same domain as the main application
parent
2d439034ca
commit
4cd299bd83
2 changed files with 56 additions and 1 deletions
|
@ -39,6 +39,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- our litepub JSON-LD schema is now served with the correct content type
|
- our litepub JSON-LD schema is now served with the correct content type
|
||||||
- remote APNG attachments are now recognised as images
|
- remote APNG attachments are now recognised as images
|
||||||
|
|
||||||
|
## Upgrade Notes
|
||||||
|
|
||||||
|
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
|
||||||
|
- Same with media proxy.
|
||||||
|
|
||||||
## 2024.02
|
## 2024.02
|
||||||
|
|
||||||
## Added
|
## Added
|
||||||
|
|
|
@ -182,7 +182,9 @@ def warn do
|
||||||
check_quarantined_instances_tuples(),
|
check_quarantined_instances_tuples(),
|
||||||
check_transparency_exclusions_tuples(),
|
check_transparency_exclusions_tuples(),
|
||||||
check_simple_policy_tuples(),
|
check_simple_policy_tuples(),
|
||||||
check_http_adapter()
|
check_http_adapter(),
|
||||||
|
check_uploader_base_url_set(),
|
||||||
|
check_uploader_base_url_is_not_base_domain()
|
||||||
]
|
]
|
||||||
|> Enum.reduce(:ok, fn
|
|> Enum.reduce(:ok, fn
|
||||||
:ok, :ok -> :ok
|
:ok, :ok -> :ok
|
||||||
|
@ -337,4 +339,52 @@ def check_uploders_s3_public_endpoint do
|
||||||
:ok
|
:ok
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_uploader_base_url_set() do
|
||||||
|
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
|
||||||
|
|
||||||
|
if base_url do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
Logger.error("""
|
||||||
|
!!!WARNING!!!
|
||||||
|
Your config does not specify a base_url for uploads!
|
||||||
|
Please make the following change:\n
|
||||||
|
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
|
||||||
|
\n
|
||||||
|
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
|
||||||
|
""")
|
||||||
|
|
||||||
|
:error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_uploader_base_url_is_not_base_domain() do
|
||||||
|
uploader_host =
|
||||||
|
[Pleroma.Upload, :base_url]
|
||||||
|
|> Pleroma.Config.get()
|
||||||
|
|> URI.parse()
|
||||||
|
|> Map.get(:host)
|
||||||
|
|
||||||
|
akkoma_host =
|
||||||
|
[Pleroma.Web.Endpoint, :url]
|
||||||
|
|> Pleroma.Config.get()
|
||||||
|
|> IO.inspect()
|
||||||
|
|> Keyword.get(:host)
|
||||||
|
|
||||||
|
if uploader_host == akkoma_host do
|
||||||
|
Logger.error("""
|
||||||
|
!!!WARNING!!!
|
||||||
|
Your Akkoma Host and your Upload base_url's host are the same!
|
||||||
|
This can potentially be insecure!
|
||||||
|
|
||||||
|
It is HIGHLY recommended that you migrate your media uploads
|
||||||
|
to a subdomain at your earliest convenience
|
||||||
|
""")
|
||||||
|
|
||||||
|
:error
|
||||||
|
else
|
||||||
|
:ok
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
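Review bot: `check_uploader_base_url_is_not_base_domain/0` pipes the configured `base_url` straight into `URI.parse()`, so when the value is unset (the very case `check_uploader_base_url_set/0` has just logged) the `nil` matches no clause of `URI.parse/1` as far as I can tell, and the call would raise instead of letting `warn` fold the results into `:error`. Both checks run because they sit in the same list in `warn`, whose body is only partly visible in this hunk. Guard the lookup, for example `uploader_host = with url when is_binary(url) <- Pleroma.Config.get([Pleroma.Upload, :base_url]), do: URI.parse(url).host`. The `|> IO.inspect()` step in the `akkoma_host` pipeline looks like a debugging leftover that prints the endpoint URL config on every start, and should be dropped. In the first check's message, the sample config line lacks its closing `"` and shows `https://example.com/media/`, a path on the main host rather than the subdomain the next line recommends.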