diff --git a/CHANGELOG.md b/CHANGELOG.md index 162d25cdf..398b0ee45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - our litepub JSON-LD schema is now served with the correct content type - remote APNG attachments are now recognised as images +## Upgrade Notes + +- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it. + - Akkoma will refuse to start if this is not set. +- Same with media proxy. + ## 2024.02 ## Added diff --git a/config/description.exs b/config/description.exs index 3ddd874f8..ec5050be6 100644 --- a/config/description.exs +++ b/config/description.exs @@ -100,9 +100,9 @@ label: "Base URL", type: :string, description: - "Base URL for the uploads. Required if you use a CDN or host attachments under a different domain.", + "Base URL for the uploads. Required if you use a CDN or host attachments under a different domain - it is HIGHLY recommended that you **do not** set this to be the same as the domain akkoma is hosted on.", suggestions: [ - "https://cdn-host.com" + "https://media.akkoma.dev/media/" ] }, %{ diff --git a/config/test.exs b/config/test.exs index 666a0fb87..97d005eab 100644 --- a/config/test.exs +++ b/config/test.exs @@ -22,6 +22,7 @@ config :pleroma, :auth, oauth_consumer_strategies: [] config :pleroma, Pleroma.Upload, + base_url: "http://localhost:4001/media/", filters: [], link_name: false diff --git a/docs/docs/configuration/cheatsheet.md b/docs/docs/configuration/cheatsheet.md index c4259c6cf..d238d73aa 100644 --- a/docs/docs/configuration/cheatsheet.md +++ b/docs/docs/configuration/cheatsheet.md @@ -602,7 +602,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th * `filters`: List of [upload filters](#upload-filters) to use. * `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers * `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly. - Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. + Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`. * `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it. * `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation. * `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30. diff --git a/lib/pleroma/config/deprecation_warnings.ex b/lib/pleroma/config/deprecation_warnings.ex index beb3f5e7f..c299a4947 100644 --- a/lib/pleroma/config/deprecation_warnings.ex +++ b/lib/pleroma/config/deprecation_warnings.ex @@ -182,7 +182,9 @@ def warn do check_quarantined_instances_tuples(), check_transparency_exclusions_tuples(), check_simple_policy_tuples(), - check_http_adapter() + check_http_adapter(), + check_uploader_base_url_set(), + check_uploader_base_url_is_not_base_domain() ] |> Enum.reduce(:ok, fn :ok, :ok -> :ok @@ -337,4 +339,54 @@ def check_uploders_s3_public_endpoint do :ok end end + + def check_uploader_base_url_set() do + uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local + base_url = Pleroma.Config.get([Pleroma.Upload, :base_url]) + + if base_url || !uses_local_uploader? do + :ok + else + Logger.error(""" + !!!WARNING!!! + Your config does not specify a base_url for uploads! + Please make the following change:\n + \n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/` + \n + \nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media! + """) + + # This is a hard exit - the uploader will not work without a base_url + raise ArgumentError, message: "No base_url set for uploads - please set one in your config!" + end + end + + def check_uploader_base_url_is_not_base_domain() do + uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local + + uploader_host = + [Pleroma.Upload, :base_url] + |> Pleroma.Config.get() + |> URI.parse() + |> Map.get(:host) + + akkoma_host = + [Pleroma.Web.Endpoint, :url] + |> Pleroma.Config.get() + |> Keyword.get(:host) + + if uploader_host == akkoma_host && uses_local_uploader? do + Logger.error(""" + !!!WARNING!!! + Your Akkoma Host and your Upload base_url's host are the same! + This can potentially be insecure! + + It is HIGHLY recommended that you migrate your media uploads + to a subdomain at your earliest convenience + """) + end + + # This isn't actually an error condition, just a warning + :ok + end end diff --git a/mix.exs b/mix.exs index f501eec58..b942c6c23 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("3.12.0"), + version: version("3.12.2"), elixir: "~> 1.14", elixirc_paths: elixirc_paths(Mix.env()), compilers: Mix.compilers(), diff --git a/test/pleroma/config/deprecation_warnings_test.exs b/test/pleroma/config/deprecation_warnings_test.exs index 98c128e6a..96d6fd739 100644 --- a/test/pleroma/config/deprecation_warnings_test.exs +++ b/test/pleroma/config/deprecation_warnings_test.exs @@ -289,4 +289,64 @@ test "check_http_adapter/0" do Application.put_env(:tesla, :adapter, Tesla.Mock) end + + describe "check_uploader_base_url_set/0" do + test "should error if the base_url is not set" do + clear_config([Pleroma.Upload, :base_url], nil) + + # we need to capture the error + assert_raise ArgumentError, fn -> + assert capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_set() + end) =~ "Your config does not specify a base_url for uploads!" + end + end + + test "should not error if the base_url is set" do + clear_config([Pleroma.Upload, :base_url], "https://example.com") + + refute capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_set() + end) =~ "Your config does not specify a base_url for uploads!" + end + + test "should not error if local uploader is not used" do + clear_config([Pleroma.Upload, :base_url], nil) + clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3) + + refute capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_set() + end) =~ "Your config does not specify a base_url for uploads!" + end + end + + describe "check_uploader_base_url_is_not_base_domain/0" do + test "should error if the akkoma domain is the same as the upload domain" do + clear_config([Pleroma.Upload, :base_url], "http://localhost") + + assert capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_is_not_base_domain() + end) =~ "Your Akkoma Host and your Upload base_url's host are the same!" + end + + test "should not error if the local uploader is not used" do + clear_config([Pleroma.Upload, :base_url], "http://localhost") + clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3) + + refute capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_is_not_base_domain() + end) =~ "Your Akkoma Host and your Upload base_url's host are the same!" + end + + test "should not error if the akkoma domain is different from the upload domain" do + clear_config([Pleroma.Upload, :base_url], "https://media.localhost") + clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local) + + refute capture_log(fn -> + DeprecationWarnings.check_uploader_base_url_is_not_base_domain() + end) =~ "Your Akkoma Host and your Upload base_url's host are the same!" + + clear_config([Pleroma.Upload, :base_url]) + end + end end diff --git a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs index ba5087f1b..932251389 100644 --- a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs +++ b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do - use Pleroma.DataCase + use Pleroma.DataCase, async: false alias Pleroma.Config alias Pleroma.Emoji @@ -60,6 +60,9 @@ defmacro mock_tesla( emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen") + emoji_base_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/") + File.mkdir_p(emoji_base_path) + Emoji.reload() message = %{ diff --git a/test/pleroma/web/plugs/http_security_plug_test.exs b/test/pleroma/web/plugs/http_security_plug_test.exs index 3c029b9b2..bd8207ae0 100644 --- a/test/pleroma/web/plugs/http_security_plug_test.exs +++ b/test/pleroma/web/plugs/http_security_plug_test.exs @@ -7,6 +7,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do alias Plug.Conn + setup_all do: clear_config([Pleroma.Upload, :base_url], nil) + describe "http security enabled" do setup do: clear_config([:http_security, :enabled], true)