Fix/mediaproxy whitelist base url
This commit is contained in:
parent
5ff8f07ca9
commit
d93d777915
@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
- ActivityPub S2S: remote user deletions now work the same as local user deletions.
|
||||
- Not being able to access the Mastodon FE login page on private instances
|
||||
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
|
||||
- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
|
||||
|
||||
### Added
|
||||
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
|
||||
|
@ -4,6 +4,7 @@
|
||||
|
||||
defmodule Pleroma.Web.MediaProxy do
|
||||
alias Pleroma.Config
|
||||
alias Pleroma.Upload
|
||||
alias Pleroma.Web
|
||||
|
||||
@base64_opts [padding: false]
|
||||
@ -26,7 +27,18 @@ defmodule Pleroma.Web.MediaProxy do
|
||||
defp whitelisted?(url) do
|
||||
%{host: domain} = URI.parse(url)
|
||||
|
||||
Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern ->
|
||||
mediaproxy_whitelist = Config.get([:media_proxy, :whitelist])
|
||||
|
||||
upload_base_url_domain =
|
||||
if !is_nil(Config.get([Upload, :base_url])) do
|
||||
[URI.parse(Config.get([Upload, :base_url])).host]
|
||||
else
|
||||
[]
|
||||
end
|
||||
|
||||
whitelist = mediaproxy_whitelist ++ upload_base_url_domain
|
||||
|
||||
Enum.any?(whitelist, fn pattern ->
|
||||
String.equivalent?(domain, pattern)
|
||||
end)
|
||||
end
|
||||
|
@ -1671,40 +1671,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
|
||||
object = Repo.get(Object, media["id"])
|
||||
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
|
||||
end
|
||||
|
||||
test "returns proxied url when media proxy is enabled", %{conn: conn, image: image} do
|
||||
Pleroma.Config.put([Pleroma.Upload, :base_url], "https://media.pleroma.social")
|
||||
|
||||
proxy_url = "https://cache.pleroma.social"
|
||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||
Pleroma.Config.put([:media_proxy, :base_url], proxy_url)
|
||||
|
||||
media =
|
||||
conn
|
||||
|> post("/api/v1/media", %{"file" => image})
|
||||
|> json_response(:ok)
|
||||
|
||||
assert String.starts_with?(media["url"], proxy_url)
|
||||
end
|
||||
|
||||
test "returns media url when proxy is enabled but media url is whitelisted", %{
|
||||
conn: conn,
|
||||
image: image
|
||||
} do
|
||||
media_url = "https://media.pleroma.social"
|
||||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
||||
|
||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
||||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
|
||||
|
||||
media =
|
||||
conn
|
||||
|> post("/api/v1/media", %{"file" => image})
|
||||
|> json_response(:ok)
|
||||
|
||||
assert String.starts_with?(media["url"], media_url)
|
||||
end
|
||||
end
|
||||
|
||||
describe "locked accounts" do
|
||||
|
@ -171,21 +171,6 @@ defmodule Pleroma.Web.MediaProxyTest do
|
||||
encoded = url(url)
|
||||
assert decode_result(encoded) == url
|
||||
end
|
||||
|
||||
test "does not change whitelisted urls" do
|
||||
upload_config = Pleroma.Config.get([Pleroma.Upload])
|
||||
media_url = "https://media.pleroma.social"
|
||||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
||||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
|
||||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
||||
|
||||
url = "#{media_url}/static/logo.png"
|
||||
encoded = url(url)
|
||||
|
||||
assert String.starts_with?(encoded, media_url)
|
||||
|
||||
Pleroma.Config.put([Pleroma.Upload], upload_config)
|
||||
end
|
||||
end
|
||||
|
||||
describe "when disabled" do
|
||||
@ -215,12 +200,43 @@ defmodule Pleroma.Web.MediaProxyTest do
|
||||
decoded
|
||||
end
|
||||
|
||||
test "mediaproxy whitelist" do
|
||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
|
||||
url = "https://feld.me/foo.png"
|
||||
describe "whitelist" do
|
||||
setup do
|
||||
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||
:ok
|
||||
end
|
||||
|
||||
unencoded = url(url)
|
||||
assert unencoded == url
|
||||
test "mediaproxy whitelist" do
|
||||
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
|
||||
url = "https://feld.me/foo.png"
|
||||
|
||||
unencoded = url(url)
|
||||
assert unencoded == url
|
||||
end
|
||||
|
||||
test "does not change whitelisted urls" do
|
||||
Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
|
||||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
|
||||
|
||||
media_url = "https://mycdn.akamai.com"
|
||||
|
||||
url = "#{media_url}/static/logo.png"
|
||||
encoded = url(url)
|
||||
|
||||
assert String.starts_with?(encoded, media_url)
|
||||
end
|
||||
|
||||
test "ensure Pleroma.Upload base_url is always whitelisted" do
|
||||
upload_config = Pleroma.Config.get([Pleroma.Upload])
|
||||
media_url = "https://media.pleroma.social"
|
||||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
|
||||
|
||||
url = "#{media_url}/static/logo.png"
|
||||
encoded = url(url)
|
||||
|
||||
assert String.starts_with?(encoded, media_url)
|
||||
|
||||
Pleroma.Config.put([Pleroma.Upload], upload_config)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user