Move hardcoded default configuration into config.exs
This commit is contained in:
parent
7aff2b47c5
commit
d43d05005a
@ -677,7 +677,18 @@ config :pleroma, :rate_limit,
|
||||
|
||||
config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600
|
||||
|
||||
config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true
|
||||
config :pleroma, Pleroma.Plugs.RemoteIp,
|
||||
enabled: true,
|
||||
headers: ["x-forwarded-for"],
|
||||
proxies: [],
|
||||
reserved: [
|
||||
"127.0.0.0/8",
|
||||
"::1/128",
|
||||
"fc00::/7",
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16"
|
||||
]
|
||||
|
||||
config :pleroma, :static_fe, enabled: false
|
||||
|
||||
|
@ -7,45 +7,28 @@ defmodule Pleroma.Plugs.RemoteIp do
|
||||
This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
|
||||
"""
|
||||
|
||||
alias Pleroma.Config
|
||||
import Plug.Conn
|
||||
|
||||
@behaviour Plug
|
||||
|
||||
@headers ~w[
|
||||
x-forwarded-for
|
||||
]
|
||||
|
||||
# https://en.wikipedia.org/wiki/Localhost
|
||||
# https://en.wikipedia.org/wiki/Private_network
|
||||
@reserved ~w[
|
||||
127.0.0.0/8
|
||||
::1/128
|
||||
fc00::/7
|
||||
10.0.0.0/8
|
||||
172.16.0.0/12
|
||||
192.168.0.0/16
|
||||
]
|
||||
|
||||
def init(_), do: nil
|
||||
|
||||
def call(%{remote_ip: original_remote_ip} = conn, _) do
|
||||
config = Pleroma.Config.get(__MODULE__, [])
|
||||
|
||||
if Keyword.get(config, :enabled, false) do
|
||||
%{remote_ip: new_remote_ip} = conn = RemoteIp.call(conn, remote_ip_opts(config))
|
||||
if Config.get([__MODULE__, :enabled]) do
|
||||
%{remote_ip: new_remote_ip} = conn = RemoteIp.call(conn, remote_ip_opts())
|
||||
assign(conn, :remote_ip_found, original_remote_ip != new_remote_ip)
|
||||
else
|
||||
conn
|
||||
end
|
||||
end
|
||||
|
||||
defp remote_ip_opts(config) do
|
||||
headers = config |> Keyword.get(:headers, @headers) |> MapSet.new()
|
||||
reserved = Keyword.get(config, :reserved, @reserved)
|
||||
defp remote_ip_opts() do
|
||||
headers = Config.get([__MODULE__, :headers], []) |> MapSet.new()
|
||||
reserved = Config.get([__MODULE__, :reserved], [])
|
||||
|
||||
proxies =
|
||||
config
|
||||
|> Keyword.get(:proxies, [])
|
||||
Config.get([__MODULE__, :proxies], [])
|
||||
|> Enum.concat(reserved)
|
||||
|> Enum.map(&maybe_add_cidr/1)
|
||||
|
||||
|
@ -3,13 +3,27 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.RemoteIpTest do
|
||||
use ExUnit.Case, async: true
|
||||
use ExUnit.Case
|
||||
use Plug.Test
|
||||
|
||||
alias Pleroma.Plugs.RemoteIp
|
||||
|
||||
import Pleroma.Tests.Helpers, only: [clear_config: 1, clear_config: 2]
|
||||
setup do: clear_config(RemoteIp)
|
||||
import Pleroma.Tests.Helpers, only: [clear_config: 2]
|
||||
|
||||
setup do:
|
||||
clear_config(RemoteIp,
|
||||
enabled: true,
|
||||
headers: ["x-forwarded-for"],
|
||||
proxies: [],
|
||||
reserved: [
|
||||
"127.0.0.0/8",
|
||||
"::1/128",
|
||||
"fc00::/7",
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16"
|
||||
]
|
||||
)
|
||||
|
||||
test "disabled" do
|
||||
Pleroma.Config.put(RemoteIp, enabled: false)
|
||||
@ -25,8 +39,6 @@ defmodule Pleroma.Plugs.RemoteIpTest do
|
||||
end
|
||||
|
||||
test "enabled" do
|
||||
Pleroma.Config.put(RemoteIp, enabled: true)
|
||||
|
||||
conn =
|
||||
conn(:get, "/")
|
||||
|> put_req_header("x-forwarded-for", "1.1.1.1")
|
||||
@ -54,8 +66,6 @@ defmodule Pleroma.Plugs.RemoteIpTest do
|
||||
end
|
||||
|
||||
test "custom proxies" do
|
||||
Pleroma.Config.put(RemoteIp, enabled: true)
|
||||
|
||||
conn =
|
||||
conn(:get, "/")
|
||||
|> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
|
||||
|
Loading…
Reference in New Issue
Block a user