mirror of https://akkoma.dev/AkkomaGang/akkoma.git
Compare commits
5 Commits
b8393ad9ed
...
090a77d1af
| Author | SHA1 | Date |
|---|---|---|
floatingghost
|
090a77d1af | |
|
floatingghost
|
0e066bddae | |
|
Oneric
|
9598137d32 | |
|
Oneric
|
d7c8e9df27 | |
|
Oneric
|
a0daec6ea1 |
|
|
@ -26,6 +26,8 @@ config :pleroma, Pleroma.Upload,
|
|||
filters: [],
|
||||
link_name: false
|
||||
|
||||
config :pleroma, :media_proxy, base_url: "http://localhost:4001"
|
||||
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"
|
||||
|
||||
config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Test, enabled: true
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@ defmodule Pleroma.Upload do
|
|||
alias Pleroma.Web.ActivityPub.Utils
|
||||
require Logger
|
||||
|
||||
@mix_env Mix.env()
|
||||
|
||||
@type source ::
|
||||
Plug.Upload.t()
|
||||
| (data_uri_string :: String.t())
|
||||
|
|
@ -230,13 +228,6 @@ defmodule Pleroma.Upload do
|
|||
|
||||
defp url_from_spec(_upload, _base_url, {:url, url}), do: url
|
||||
|
||||
if @mix_env == :test do
|
||||
defp choose_base_url(prim, sec \\ nil),
|
||||
do: prim || sec || Pleroma.Web.Endpoint.url() <> "/media/"
|
||||
else
|
||||
defp choose_base_url(prim, sec \\ nil), do: prim || sec
|
||||
end
|
||||
|
||||
def base_url do
|
||||
uploader = Config.get([Pleroma.Upload, :uploader])
|
||||
upload_base_url = Config.get([Pleroma.Upload, :base_url])
|
||||
|
|
@ -244,7 +235,7 @@ defmodule Pleroma.Upload do
|
|||
|
||||
case uploader do
|
||||
Pleroma.Uploaders.Local ->
|
||||
choose_base_url(upload_base_url)
|
||||
upload_base_url
|
||||
|
||||
Pleroma.Uploaders.S3 ->
|
||||
bucket = Config.get([Pleroma.Uploaders.S3, :bucket])
|
||||
|
|
@ -270,7 +261,7 @@ defmodule Pleroma.Upload do
|
|||
end
|
||||
|
||||
_ ->
|
||||
choose_base_url(public_endpoint, upload_base_url)
|
||||
public_endpoint || upload_base_url
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -14,8 +14,6 @@ defmodule Pleroma.Web.MediaProxy do
|
|||
|
||||
@cachex Pleroma.Config.get([:cachex, :provider], Cachex)
|
||||
|
||||
@mix_env Mix.env()
|
||||
|
||||
def cache_table, do: @cache_table
|
||||
|
||||
@spec in_banned_urls(String.t()) :: boolean()
|
||||
|
|
@ -146,14 +144,8 @@ defmodule Pleroma.Web.MediaProxy do
|
|||
if path = URI.parse(url_or_path).path, do: Path.basename(path)
|
||||
end
|
||||
|
||||
if @mix_env == :test do
|
||||
def base_url do
|
||||
Config.get([:media_proxy, :base_url], Endpoint.url())
|
||||
end
|
||||
else
|
||||
def base_url do
|
||||
Config.get!([:media_proxy, :base_url])
|
||||
end
|
||||
def base_url do
|
||||
Config.get!([:media_proxy, :base_url])
|
||||
end
|
||||
|
||||
defp proxy_url(path, sig_base64, url_base64, filename) do
|
||||
|
|
|
|||
|
|
@ -117,6 +117,7 @@ nav {
|
|||
|
||||
.inner-nav img {
|
||||
height: 28px;
|
||||
width: auto;
|
||||
vertical-align: middle;
|
||||
padding-right: 5px
|
||||
}
|
||||
|
|
@ -440,6 +441,7 @@ summary {
|
|||
.avatar img {
|
||||
border-radius: 3px;
|
||||
box-shadow: var(--avatarShadow);
|
||||
object-fit: cover;
|
||||
}
|
||||
|
||||
.user-summary {
|
||||
|
|
@ -642,13 +644,13 @@ summary {
|
|||
}
|
||||
|
||||
img:not(.u-photo, .fa-icon) {
|
||||
width: 32px;
|
||||
width: auto;
|
||||
height: 32px;
|
||||
padding: 0;
|
||||
vertical-align: middle;
|
||||
}
|
||||
|
||||
.username img:not(.u-photo) {
|
||||
width: 16px;
|
||||
width: auto;
|
||||
height: 16px;
|
||||
}
|
||||
|
|
@ -7,8 +7,6 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
|
|||
|
||||
alias Plug.Conn
|
||||
|
||||
setup_all do: clear_config([Pleroma.Upload, :base_url], nil)
|
||||
|
||||
describe "http security enabled" do
|
||||
setup do: clear_config([:http_security, :enabled], true)
|
||||
|
||||
|
|
@ -98,51 +96,68 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
|
|||
test "media_proxy with base_url", %{conn: conn} do
|
||||
url = "https://example.com"
|
||||
clear_config([:media_proxy, :base_url], url)
|
||||
assert_media_img_src(conn, url)
|
||||
assert_media_img_src(conn, proxy: url)
|
||||
assert_connect_src(conn, url)
|
||||
end
|
||||
|
||||
test "upload with base url", %{conn: conn} do
|
||||
url = "https://example2.com"
|
||||
clear_config([Pleroma.Upload, :base_url], url)
|
||||
assert_media_img_src(conn, url)
|
||||
assert_media_img_src(conn, upload: url)
|
||||
assert_connect_src(conn, url)
|
||||
end
|
||||
|
||||
test "with S3 public endpoint", %{conn: conn} do
|
||||
url = "https://example3.com"
|
||||
clear_config([Pleroma.Uploaders.S3, :public_endpoint], url)
|
||||
assert_media_img_src(conn, url)
|
||||
assert_media_img_src(conn, s3: url)
|
||||
end
|
||||
|
||||
test "with captcha endpoint", %{conn: conn} do
|
||||
clear_config([Pleroma.Captcha.Mock, :endpoint], "https://captcha.com")
|
||||
assert_media_img_src(conn, "https://captcha.com")
|
||||
assert_media_img_src(conn, captcha: "https://captcha.com")
|
||||
end
|
||||
|
||||
test "with media_proxy whitelist", %{conn: conn} do
|
||||
clear_config([:media_proxy, :whitelist], ["https://example6.com", "https://example7.com"])
|
||||
assert_media_img_src(conn, "https://example7.com https://example6.com")
|
||||
assert_media_img_src(conn, proxy_whitelist: "https://example7.com https://example6.com")
|
||||
end
|
||||
|
||||
# TODO: delete after removing support bare domains for media proxy whitelist
|
||||
test "with media_proxy bare domains whitelist (deprecated)", %{conn: conn} do
|
||||
clear_config([:media_proxy, :whitelist], ["example4.com", "example5.com"])
|
||||
assert_media_img_src(conn, "example5.com example4.com")
|
||||
assert_media_img_src(conn, proxy_whitelist: "example5.com example4.com")
|
||||
end
|
||||
|
||||
test "with media_proxy blocklist", %{conn: conn} do
|
||||
clear_config([:media_proxy, :whitelist], ["https://example6.com", "https://example7.com"])
|
||||
clear_config([:media_proxy, :blocklist], ["https://example8.com"])
|
||||
assert_media_img_src(conn, "https://example7.com https://example6.com")
|
||||
assert_media_img_src(conn, proxy_whitelist: "https://example7.com https://example6.com")
|
||||
end
|
||||
end
|
||||
|
||||
defp assert_media_img_src(conn, url) do
|
||||
defp maybe_concat(nil, b), do: b
|
||||
defp maybe_concat(a, nil), do: a
|
||||
defp maybe_concat(a, b), do: a <> " " <> b
|
||||
|
||||
defp build_src_str(urls) do
|
||||
urls[:proxy_whitelist]
|
||||
|> maybe_concat(urls[:s3])
|
||||
|> maybe_concat(urls[:upload])
|
||||
|> maybe_concat(urls[:proxy])
|
||||
|> maybe_concat(urls[:captcha])
|
||||
end
|
||||
|
||||
defp assert_media_img_src(conn, urls) do
|
||||
urlstr =
|
||||
[upload: "http://localhost", proxy: "http://localhost"]
|
||||
|> Keyword.merge(urls)
|
||||
|> build_src_str()
|
||||
|
||||
conn = get(conn, "/api/v1/instance")
|
||||
[csp] = Conn.get_resp_header(conn, "content-security-policy")
|
||||
assert csp =~ "media-src 'self' #{url};"
|
||||
assert csp =~ "img-src 'self' data: blob: #{url};"
|
||||
assert csp =~ "media-src 'self' #{urlstr};"
|
||||
assert csp =~ "img-src 'self' data: blob: #{urlstr};"
|
||||
end
|
||||
|
||||
defp assert_connect_src(conn, url) do
|
||||
|
|
|
|||
Loading…
Reference in New Issue