commit: 5eec0abe09ad49ffe7ff986ab28f54bddd6f3499
parent: 5ff8f07ca906d77a6ec1d5ba912a787f855364f9
Author: feld <feld@feld.me>
Date: Fri, 2 Aug 2019 17:07:09 +0000
Merge branch 'fix/mediaproxy-whitelist-base_url' into 'develop'
Fix/mediaproxy whitelist base url
See merge request pleroma/pleroma!1486
Diffstat:
4 files changed, 51 insertions(+), 56 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- ActivityPub S2S: remote user deletions now work the same as local user deletions.
- Not being able to access the Mastodon FE login page on private instances
- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag
+- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
### Added
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex
@@ -4,6 +4,7 @@
defmodule Pleroma.Web.MediaProxy do
alias Pleroma.Config
+ alias Pleroma.Upload
alias Pleroma.Web
@base64_opts [padding: false]
@@ -26,7 +27,18 @@ defmodule Pleroma.Web.MediaProxy do
defp whitelisted?(url) do
%{host: domain} = URI.parse(url)
- Enum.any?(Config.get([:media_proxy, :whitelist]), fn pattern ->
+ mediaproxy_whitelist = Config.get([:media_proxy, :whitelist])
+
+ upload_base_url_domain =
+ if !is_nil(Config.get([Upload, :base_url])) do
+ [URI.parse(Config.get([Upload, :base_url])).host]
+ else
+ []
+ end
+
+ whitelist = mediaproxy_whitelist ++ upload_base_url_domain
+
+ Enum.any?(whitelist, fn pattern ->
String.equivalent?(domain, pattern)
end)
end
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -1671,40 +1671,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
object = Repo.get(Object, media["id"])
assert object.data["actor"] == User.ap_id(conn.assigns[:user])
end
-
- test "returns proxied url when media proxy is enabled", %{conn: conn, image: image} do
- Pleroma.Config.put([Pleroma.Upload, :base_url], "https://media.pleroma.social")
-
- proxy_url = "https://cache.pleroma.social"
- Pleroma.Config.put([:media_proxy, :enabled], true)
- Pleroma.Config.put([:media_proxy, :base_url], proxy_url)
-
- media =
- conn
- |> post("/api/v1/media", %{"file" => image})
- |> json_response(:ok)
-
- assert String.starts_with?(media["url"], proxy_url)
- end
-
- test "returns media url when proxy is enabled but media url is whitelisted", %{
- conn: conn,
- image: image
- } do
- media_url = "https://media.pleroma.social"
- Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
-
- Pleroma.Config.put([:media_proxy, :enabled], true)
- Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
- Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
-
- media =
- conn
- |> post("/api/v1/media", %{"file" => image})
- |> json_response(:ok)
-
- assert String.starts_with?(media["url"], media_url)
- end
end
describe "locked accounts" do
diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs
@@ -171,21 +171,6 @@ defmodule Pleroma.Web.MediaProxyTest do
encoded = url(url)
assert decode_result(encoded) == url
end
-
- test "does not change whitelisted urls" do
- upload_config = Pleroma.Config.get([Pleroma.Upload])
- media_url = "https://media.pleroma.social"
- Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
- Pleroma.Config.put([:media_proxy, :whitelist], ["media.pleroma.social"])
- Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
-
- url = "#{media_url}/static/logo.png"
- encoded = url(url)
-
- assert String.starts_with?(encoded, media_url)
-
- Pleroma.Config.put([Pleroma.Upload], upload_config)
- end
end
describe "when disabled" do
@@ -215,12 +200,43 @@ defmodule Pleroma.Web.MediaProxyTest do
decoded
end
- test "mediaproxy whitelist" do
- Pleroma.Config.put([:media_proxy, :enabled], true)
- Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
- url = "https://feld.me/foo.png"
+ describe "whitelist" do
+ setup do
+ Pleroma.Config.put([:media_proxy, :enabled], true)
+ :ok
+ end
+
+ test "mediaproxy whitelist" do
+ Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
+ url = "https://feld.me/foo.png"
+
+ unencoded = url(url)
+ assert unencoded == url
+ end
+
+ test "does not change whitelisted urls" do
+ Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
+ Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
+
+ media_url = "https://mycdn.akamai.com"
- unencoded = url(url)
- assert unencoded == url
+ url = "#{media_url}/static/logo.png"
+ encoded = url(url)
+
+ assert String.starts_with?(encoded, media_url)
+ end
+
+ test "ensure Pleroma.Upload base_url is always whitelisted" do
+ upload_config = Pleroma.Config.get([Pleroma.Upload])
+ media_url = "https://media.pleroma.social"
+ Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
+
+ url = "#{media_url}/static/logo.png"
+ encoded = url(url)
+
+ assert String.starts_with?(encoded, media_url)
+
+ Pleroma.Config.put([Pleroma.Upload], upload_config)
+ end
end
end
