Add extra warnings if the uploader is on the same domain as the main application

This commit is contained in:
FloatingGhost 2024-04-02 10:20:59 +01:00
parent 2d439034ca
commit 4cd299bd83
2 changed files with 56 additions and 1 deletions

View file

@ -39,6 +39,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- our litepub JSON-LD schema is now served with the correct content type
- remote APNG attachments are now recognised as images
## Upgrade Notes
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
- Same with media proxy.
## 2024.02
## Added

View file

@ -182,7 +182,9 @@ def warn do
check_quarantined_instances_tuples(),
check_transparency_exclusions_tuples(),
check_simple_policy_tuples(),
check_http_adapter()
check_http_adapter(),
check_uploader_base_url_set(),
check_uploader_base_url_is_not_base_domain()
]
|> Enum.reduce(:ok, fn
:ok, :ok -> :ok
@ -337,4 +339,52 @@ def check_uploders_s3_public_endpoint do
:ok
end
end
def check_uploader_base_url_set() do
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
if base_url do
:ok
else
Logger.error("""
!!!WARNING!!!
Your config does not specify a base_url for uploads!
Please make the following change:\n
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
\n
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
""")
:error
end
end
def check_uploader_base_url_is_not_base_domain() do
uploader_host =
[Pleroma.Upload, :base_url]
|> Pleroma.Config.get()
|> URI.parse()
|> Map.get(:host)
akkoma_host =
[Pleroma.Web.Endpoint, :url]
|> Pleroma.Config.get()
|> IO.inspect()
|> Keyword.get(:host)
if uploader_host == akkoma_host do
Logger.error("""
!!!WARNING!!!
Your Akkoma Host and your Upload base_url's host are the same!
This can potentially be insecure!
It is HIGHLY recommended that you migrate your media uploads
to a subdomain at your earliest convenience
""")
:error
else
:ok
end
end
end