@@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). | |||
- ActivityPub S2S: remote user deletions now work the same as local user deletions. | |||
- Not being able to access the Mastodon FE login page on private instances | |||
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag | |||
- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected. | |||
### Added | |||
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`) | |||
@@ -4,6 +4,7 @@ | |||
defmodule Pleroma.Web.MediaProxy do | |||
alias Pleroma.Config | |||
alias Pleroma.Upload | |||
alias Pleroma.Web | |||
@base64_opts [padding: false] | |||
@@ -26,7 +27,18 @@ defmodule Pleroma.Web.MediaProxy do | |||
defp whitelisted?(url) do | |||
%{host: domain} = URI.parse(url) | |||
Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern -> | |||
mediaproxy_whitelist = Config.get([:media_proxy, :whitelist]) | |||
upload_base_url_domain = | |||
if !is_nil(Config.get([Upload, :base_url])) do | |||
[URI.parse(Config.get([Upload, :base_url])).host] | |||
else | |||
[] | |||
end | |||
whitelist = mediaproxy_whitelist ++ upload_base_url_domain | |||
Enum.any?(whitelist, fn pattern -> | |||
String.equivalent?(domain, pattern) | |||
end) | |||
end | |||
@@ -1671,40 +1671,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
object = Repo.get(Object, media["id"]) | |||
assert object.data["actor"] == User.ap_id(conn.assigns[:user]) | |||
end | |||
test "returns proxied url when media proxy is enabled", %{conn: conn, image: image} do | |||
Pleroma.Config.put([Pleroma.Upload, :base_url], "https://media.pleroma.social") | |||
proxy_url = "https://cache.pleroma.social" | |||
Pleroma.Config.put([:media_proxy, :enabled], true) | |||
Pleroma.Config.put([:media_proxy, :base_url], proxy_url) | |||
media = | |||
conn | |||
|> post("/api/v1/media", %{"file" => image}) | |||
|> json_response(:ok) | |||
assert String.starts_with?(media["url"], proxy_url) | |||
end | |||
test "returns media url when proxy is enabled but media url is whitelisted", %{ | |||
conn: conn, | |||
image: image | |||
} do | |||
media_url = "https://media.pleroma.social" | |||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) | |||
Pleroma.Config.put([:media_proxy, :enabled], true) | |||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") | |||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"]) | |||
media = | |||
conn | |||
|> post("/api/v1/media", %{"file" => image}) | |||
|> json_response(:ok) | |||
assert String.starts_with?(media["url"], media_url) | |||
end | |||
end | |||
describe "locked accounts" do | |||
@@ -171,21 +171,6 @@ defmodule Pleroma.Web.MediaProxyTest do | |||
encoded = url(url) | |||
assert decode_result(encoded) == url | |||
end | |||
test "does not change whitelisted urls" do | |||
upload_config = Pleroma.Config.get([Pleroma.Upload]) | |||
media_url = "https://media.pleroma.social" | |||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) | |||
Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"]) | |||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") | |||
url = "#{media_url}/static/logo.png" | |||
encoded = url(url) | |||
assert String.starts_with?(encoded, media_url) | |||
Pleroma.Config.put([Pleroma.Upload], upload_config) | |||
end | |||
end | |||
describe "when disabled" do | |||
@@ -215,12 +200,43 @@ defmodule Pleroma.Web.MediaProxyTest do | |||
decoded | |||
end | |||
test "mediaproxy whitelist" do | |||
Pleroma.Config.put([:media_proxy, :enabled], true) | |||
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"]) | |||
url = "https://feld.me/foo.png" | |||
describe "whitelist" do | |||
setup do | |||
Pleroma.Config.put([:media_proxy, :enabled], true) | |||
:ok | |||
end | |||
test "mediaproxy whitelist" do | |||
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"]) | |||
url = "https://feld.me/foo.png" | |||
unencoded = url(url) | |||
assert unencoded == url | |||
end | |||
test "does not change whitelisted urls" do | |||
Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"]) | |||
Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") | |||
media_url = "https://mycdn.akamai.com" | |||
unencoded = url(url) | |||
assert unencoded == url | |||
url = "#{media_url}/static/logo.png" | |||
encoded = url(url) | |||
assert String.starts_with?(encoded, media_url) | |||
end | |||
test "ensure Pleroma.Upload base_url is always whitelisted" do | |||
upload_config = Pleroma.Config.get([Pleroma.Upload]) | |||
media_url = "https://media.pleroma.social" | |||
Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) | |||
url = "#{media_url}/static/logo.png" | |||
encoded = url(url) | |||
assert String.starts_with?(encoded, media_url) | |||
Pleroma.Config.put([Pleroma.Upload], upload_config) | |||
end | |||
end | |||
end |