Fix/mediaproxy whitelist base url

This commit is contained in:
feld 2019-08-02 17:07:09 +00:00
parent 5ff8f07ca9
commit d93d777915
4 changed files with 51 additions and 56 deletions

View file

@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ActivityPub S2S: remote user deletions now work the same as local user deletions.
- Not being able to access the Mastodon FE login page on private instances
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
### Added
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)

View file

@ -4,6 +4,7 @@
defmodule Pleroma.Web.MediaProxy do
alias Pleroma.Config
alias Pleroma.Upload
alias Pleroma.Web
@base64_opts [padding: false]
@ -26,7 +27,18 @@ defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
defp whitelisted?(url) do
%{host: domain} = URI.parse(url)
Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern ->
mediaproxy_whitelist = Config.get([:media_proxy, :whitelist])
upload_base_url_domain =
if !is_nil(Config.get([Upload, :base_url])) do
[URI.parse(Config.get([Upload, :base_url])).host]
else
[]
end
whitelist = mediaproxy_whitelist ++ upload_base_url_domain
Enum.any?(whitelist, fn pattern ->
String.equivalent?(domain, pattern)
end)
end

View file

@ -1671,40 +1671,6 @@ test "returns uploaded image", %{conn: conn, image: image} do
object = Repo.get(Object, media["id"])
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
end
test "returns proxied url when media proxy is enabled", %{conn: conn, image: image} do
Pleroma.Config.put([Pleroma.Upload, :base_url], "https://media.pleroma.social")
proxy_url = "https://cache.pleroma.social"
Pleroma.Config.put([:media_proxy, :enabled], true)
Pleroma.Config.put([:media_proxy, :base_url], proxy_url)
media =
conn
|> post("/api/v1/media", %{"file" => image})
|> json_response(:ok)
assert String.starts_with?(media["url"], proxy_url)
end
test "returns media url when proxy is enabled but media url is whitelisted", %{
conn: conn,
image: image
} do
media_url = "https://media.pleroma.social"
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
Pleroma.Config.put([:media_proxy, :enabled], true)
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
media =
conn
|> post("/api/v1/media", %{"file" => image})
|> json_response(:ok)
assert String.starts_with?(media["url"], media_url)
end
end
describe "locked accounts" do

View file

@ -171,21 +171,6 @@ test "preserve unicode characters" do
encoded = url(url)
assert decode_result(encoded) == url
end
test "does not change whitelisted urls" do
upload_config = Pleroma.Config.get([Pleroma.Upload])
media_url = "https://media.pleroma.social"
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
url = "#{media_url}/static/logo.png"
encoded = url(url)
assert String.starts_with?(encoded, media_url)
Pleroma.Config.put([Pleroma.Upload], upload_config)
end
end
describe "when disabled" do
@ -215,12 +200,43 @@ defp decode_result(encoded) do
decoded
end
test "mediaproxy whitelist" do
Pleroma.Config.put([:media_proxy, :enabled], true)
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
url = "https://feld.me/foo.png"
describe "whitelist" do
setup do
Pleroma.Config.put([:media_proxy, :enabled], true)
:ok
end
unencoded = url(url)
assert unencoded == url
test "mediaproxy whitelist" do
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
url = "https://feld.me/foo.png"
unencoded = url(url)
assert unencoded == url
end
test "does not change whitelisted urls" do
Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
media_url = "https://mycdn.akamai.com"
url = "#{media_url}/static/logo.png"
encoded = url(url)
assert String.starts_with?(encoded, media_url)
end
test "ensure Pleroma.Upload base_url is always whitelisted" do
upload_config = Pleroma.Config.get([Pleroma.Upload])
media_url = "https://media.pleroma.social"
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
url = "#{media_url}/static/logo.png"
encoded = url(url)
assert String.starts_with?(encoded, media_url)
Pleroma.Config.put([Pleroma.Upload], upload_config)
end
end
end