mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-05 06:48:41 +00:00
Fix/mediaproxy whitelist base url
This commit is contained in:
parent
5ff8f07ca9
commit
d93d777915
4 changed files with 51 additions and 56 deletions
|
@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- ActivityPub S2S: remote user deletions now work the same as local user deletions.
|
- ActivityPub S2S: remote user deletions now work the same as local user deletions.
|
||||||
- Not being able to access the Mastodon FE login page on private instances
|
- Not being able to access the Mastodon FE login page on private instances
|
||||||
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
|
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
|
||||||
|
- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
|
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
defmodule Pleroma.Web.MediaProxy do
|
defmodule Pleroma.Web.MediaProxy do
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
|
alias Pleroma.Upload
|
||||||
alias Pleroma.Web
|
alias Pleroma.Web
|
||||||
|
|
||||||
@base64_opts [padding: false]
|
@base64_opts [padding: false]
|
||||||
|
@ -26,7 +27,18 @@ defmodule Pleroma.Web.MediaProxy do
|
||||||
defp whitelisted?(url) do
|
defp whitelisted?(url) do
|
||||||
%{host: domain} = URI.parse(url)
|
%{host: domain} = URI.parse(url)
|
||||||
|
|
||||||
Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern ->
|
mediaproxy_whitelist = Config.get([:media_proxy, :whitelist])
|
||||||
|
|
||||||
|
upload_base_url_domain =
|
||||||
|
if !is_nil(Config.get([Upload, :base_url])) do
|
||||||
|
[URI.parse(Config.get([Upload, :base_url])).host]
|
||||||
|
else
|
||||||
|
[]
|
||||||
|
end
|
||||||
|
|
||||||
|
whitelist = mediaproxy_whitelist ++ upload_base_url_domain
|
||||||
|
|
||||||
|
Enum.any?(whitelist, fn pattern ->
|
||||||
String.equivalent?(domain, pattern)
|
String.equivalent?(domain, pattern)
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
|
@ -1671,40 +1671,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
||||||
object = Repo.get(Object, media["id"])
|
object = Repo.get(Object, media["id"])
|
||||||
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns proxied url when media proxy is enabled", %{conn: conn, image: image} do
|
|
||||||
Pleroma.Config.put([Pleroma.Upload, :base_url], "https://media.pleroma.social")
|
|
||||||
|
|
||||||
proxy_url = "https://cache.pleroma.social"
|
|
||||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
|
||||||
Pleroma.Config.put([:media_proxy, :base_url], proxy_url)
|
|
||||||
|
|
||||||
media =
|
|
||||||
conn
|
|
||||||
|> post("/api/v1/media", %{"file" => image})
|
|
||||||
|> json_response(:ok)
|
|
||||||
|
|
||||||
assert String.starts_with?(media["url"], proxy_url)
|
|
||||||
end
|
|
||||||
|
|
||||||
test "returns media url when proxy is enabled but media url is whitelisted", %{
|
|
||||||
conn: conn,
|
|
||||||
image: image
|
|
||||||
} do
|
|
||||||
media_url = "https://media.pleroma.social"
|
|
||||||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
|
||||||
|
|
||||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
|
||||||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
|
||||||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
|
|
||||||
|
|
||||||
media =
|
|
||||||
conn
|
|
||||||
|> post("/api/v1/media", %{"file" => image})
|
|
||||||
|> json_response(:ok)
|
|
||||||
|
|
||||||
assert String.starts_with?(media["url"], media_url)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "locked accounts" do
|
describe "locked accounts" do
|
||||||
|
|
|
@ -171,21 +171,6 @@ defmodule Pleroma.Web.MediaProxyTest do
|
||||||
encoded = url(url)
|
encoded = url(url)
|
||||||
assert decode_result(encoded) == url
|
assert decode_result(encoded) == url
|
||||||
end
|
end
|
||||||
|
|
||||||
test "does not change whitelisted urls" do
|
|
||||||
upload_config = Pleroma.Config.get([Pleroma.Upload])
|
|
||||||
media_url = "https://media.pleroma.social"
|
|
||||||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
|
||||||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
|
|
||||||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
|
||||||
|
|
||||||
url = "#{media_url}/static/logo.png"
|
|
||||||
encoded = url(url)
|
|
||||||
|
|
||||||
assert String.starts_with?(encoded, media_url)
|
|
||||||
|
|
||||||
Pleroma.Config.put([Pleroma.Upload], upload_config)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "when disabled" do
|
describe "when disabled" do
|
||||||
|
@ -215,12 +200,43 @@ defmodule Pleroma.Web.MediaProxyTest do
|
||||||
decoded
|
decoded
|
||||||
end
|
end
|
||||||
|
|
||||||
test "mediaproxy whitelist" do
|
describe "whitelist" do
|
||||||
|
setup do
|
||||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||||
|
:ok
|
||||||
|
end
|
||||||
|
|
||||||
|
test "mediaproxy whitelist" do
|
||||||
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
|
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
|
||||||
url = "https://feld.me/foo.png"
|
url = "https://feld.me/foo.png"
|
||||||
|
|
||||||
unencoded = url(url)
|
unencoded = url(url)
|
||||||
assert unencoded == url
|
assert unencoded == url
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "does not change whitelisted urls" do
|
||||||
|
Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
|
||||||
|
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
||||||
|
|
||||||
|
media_url = "https://mycdn.akamai.com"
|
||||||
|
|
||||||
|
url = "#{media_url}/static/logo.png"
|
||||||
|
encoded = url(url)
|
||||||
|
|
||||||
|
assert String.starts_with?(encoded, media_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "ensure Pleroma.Upload base_url is always whitelisted" do
|
||||||
|
upload_config = Pleroma.Config.get([Pleroma.Upload])
|
||||||
|
media_url = "https://media.pleroma.social"
|
||||||
|
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
||||||
|
|
||||||
|
url = "#{media_url}/static/logo.png"
|
||||||
|
encoded = url(url)
|
||||||
|
|
||||||
|
assert String.starts_with?(encoded, media_url)
|
||||||
|
|
||||||
|
Pleroma.Config.put([Pleroma.Upload], upload_config)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue