Merge branch 'develop' into stable
This commit is contained in:
commit
26a91d5c9e
9 changed files with 130 additions and 6 deletions
|
@ -39,6 +39,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- our litepub JSON-LD schema is now served with the correct content type
|
- our litepub JSON-LD schema is now served with the correct content type
|
||||||
- remote APNG attachments are now recognised as images
|
- remote APNG attachments are now recognised as images
|
||||||
|
|
||||||
|
## Upgrade Notes
|
||||||
|
|
||||||
|
- As mentioned in "Changed", `Pleroma.Upload, :base_url` **MUST** be configured. Uploads will fail without it.
|
||||||
|
- Akkoma will refuse to start if this is not set.
|
||||||
|
- Same with media proxy.
|
||||||
|
|
||||||
## 2024.02
|
## 2024.02
|
||||||
|
|
||||||
## Added
|
## Added
|
||||||
|
|
|
@ -100,9 +100,9 @@ config :pleroma, :config_description, [
|
||||||
label: "Base URL",
|
label: "Base URL",
|
||||||
type: :string,
|
type: :string,
|
||||||
description:
|
description:
|
||||||
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain.",
|
"Base URL for the uploads. Required if you use a CDN or host attachments under a different domain - it is HIGHLY recommended that you **do not** set this to be the same as the domain akkoma is hosted on.",
|
||||||
suggestions: [
|
suggestions: [
|
||||||
"https://cdn-host.com"
|
"https://media.akkoma.dev/media/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
|
|
|
@ -22,6 +22,7 @@ config :logger, :console,
|
||||||
config :pleroma, :auth, oauth_consumer_strategies: []
|
config :pleroma, :auth, oauth_consumer_strategies: []
|
||||||
|
|
||||||
config :pleroma, Pleroma.Upload,
|
config :pleroma, Pleroma.Upload,
|
||||||
|
base_url: "http://localhost:4001/media/",
|
||||||
filters: [],
|
filters: [],
|
||||||
link_name: false
|
link_name: false
|
||||||
|
|
||||||
|
|
|
@ -602,7 +602,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
|
||||||
* `filters`: List of [upload filters](#upload-filters) to use.
|
* `filters`: List of [upload filters](#upload-filters) to use.
|
||||||
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
|
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers
|
||||||
* `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
|
* `base_url`: The base URL to access a user-uploaded file; MUST be configured explicitly.
|
||||||
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended.
|
Using a (sub)domain distinct from the instance endpoint is **strongly** recommended. A good value might be `https://media.myakkoma.instance/media/`.
|
||||||
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
|
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
|
||||||
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
||||||
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
||||||
|
|
|
@ -182,7 +182,9 @@ defmodule Pleroma.Config.DeprecationWarnings do
|
||||||
check_quarantined_instances_tuples(),
|
check_quarantined_instances_tuples(),
|
||||||
check_transparency_exclusions_tuples(),
|
check_transparency_exclusions_tuples(),
|
||||||
check_simple_policy_tuples(),
|
check_simple_policy_tuples(),
|
||||||
check_http_adapter()
|
check_http_adapter(),
|
||||||
|
check_uploader_base_url_set(),
|
||||||
|
check_uploader_base_url_is_not_base_domain()
|
||||||
]
|
]
|
||||||
|> Enum.reduce(:ok, fn
|
|> Enum.reduce(:ok, fn
|
||||||
:ok, :ok -> :ok
|
:ok, :ok -> :ok
|
||||||
|
@ -337,4 +339,54 @@ defmodule Pleroma.Config.DeprecationWarnings do
|
||||||
:ok
|
:ok
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_uploader_base_url_set() do
|
||||||
|
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
|
||||||
|
base_url = Pleroma.Config.get([Pleroma.Upload, :base_url])
|
||||||
|
|
||||||
|
if base_url || !uses_local_uploader? do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
Logger.error("""
|
||||||
|
!!!WARNING!!!
|
||||||
|
Your config does not specify a base_url for uploads!
|
||||||
|
Please make the following change:\n
|
||||||
|
\n* `config :pleroma, Pleroma.Upload, base_url: "https://example.com/media/`
|
||||||
|
\n
|
||||||
|
\nPlease note that it is HEAVILY recommended to use a subdomain to host user-uploaded media!
|
||||||
|
""")
|
||||||
|
|
||||||
|
# This is a hard exit - the uploader will not work without a base_url
|
||||||
|
raise ArgumentError, message: "No base_url set for uploads - please set one in your config!"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_uploader_base_url_is_not_base_domain() do
|
||||||
|
uses_local_uploader? = Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.Local
|
||||||
|
|
||||||
|
uploader_host =
|
||||||
|
[Pleroma.Upload, :base_url]
|
||||||
|
|> Pleroma.Config.get()
|
||||||
|
|> URI.parse()
|
||||||
|
|> Map.get(:host)
|
||||||
|
|
||||||
|
akkoma_host =
|
||||||
|
[Pleroma.Web.Endpoint, :url]
|
||||||
|
|> Pleroma.Config.get()
|
||||||
|
|> Keyword.get(:host)
|
||||||
|
|
||||||
|
if uploader_host == akkoma_host && uses_local_uploader? do
|
||||||
|
Logger.error("""
|
||||||
|
!!!WARNING!!!
|
||||||
|
Your Akkoma Host and your Upload base_url's host are the same!
|
||||||
|
This can potentially be insecure!
|
||||||
|
|
||||||
|
It is HIGHLY recommended that you migrate your media uploads
|
||||||
|
to a subdomain at your earliest convenience
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
|
||||||
|
# This isn't actually an error condition, just a warning
|
||||||
|
:ok
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
||||||
def project do
|
def project do
|
||||||
[
|
[
|
||||||
app: :pleroma,
|
app: :pleroma,
|
||||||
version: version("3.12.0"),
|
version: version("3.12.2"),
|
||||||
elixir: "~> 1.14",
|
elixir: "~> 1.14",
|
||||||
elixirc_paths: elixirc_paths(Mix.env()),
|
elixirc_paths: elixirc_paths(Mix.env()),
|
||||||
compilers: Mix.compilers(),
|
compilers: Mix.compilers(),
|
||||||
|
|
|
@ -289,4 +289,64 @@ defmodule Pleroma.Config.DeprecationWarningsTest do
|
||||||
|
|
||||||
Application.put_env(:tesla, :adapter, Tesla.Mock)
|
Application.put_env(:tesla, :adapter, Tesla.Mock)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "check_uploader_base_url_set/0" do
|
||||||
|
test "should error if the base_url is not set" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], nil)
|
||||||
|
|
||||||
|
# we need to capture the error
|
||||||
|
assert_raise ArgumentError, fn ->
|
||||||
|
assert capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_set()
|
||||||
|
end) =~ "Your config does not specify a base_url for uploads!"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test "should not error if the base_url is set" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], "https://example.com")
|
||||||
|
|
||||||
|
refute capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_set()
|
||||||
|
end) =~ "Your config does not specify a base_url for uploads!"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "should not error if local uploader is not used" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], nil)
|
||||||
|
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
|
||||||
|
|
||||||
|
refute capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_set()
|
||||||
|
end) =~ "Your config does not specify a base_url for uploads!"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "check_uploader_base_url_is_not_base_domain/0" do
|
||||||
|
test "should error if the akkoma domain is the same as the upload domain" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], "http://localhost")
|
||||||
|
|
||||||
|
assert capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||||
|
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "should not error if the local uploader is not used" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], "http://localhost")
|
||||||
|
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.S3)
|
||||||
|
|
||||||
|
refute capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||||
|
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "should not error if the akkoma domain is different from the upload domain" do
|
||||||
|
clear_config([Pleroma.Upload, :base_url], "https://media.localhost")
|
||||||
|
clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
|
||||||
|
|
||||||
|
refute capture_log(fn ->
|
||||||
|
DeprecationWarnings.check_uploader_base_url_is_not_base_domain()
|
||||||
|
end) =~ "Your Akkoma Host and your Upload base_url's host are the same!"
|
||||||
|
|
||||||
|
clear_config([Pleroma.Upload, :base_url])
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
||||||
use Pleroma.DataCase
|
use Pleroma.DataCase, async: false
|
||||||
|
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
alias Pleroma.Emoji
|
alias Pleroma.Emoji
|
||||||
|
@ -60,6 +60,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
||||||
|
|
||||||
emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
|
emoji_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/stolen")
|
||||||
|
|
||||||
|
emoji_base_path = [:instance, :static_dir] |> Config.get() |> Path.join("emoji/")
|
||||||
|
File.mkdir_p(emoji_base_path)
|
||||||
|
|
||||||
Emoji.reload()
|
Emoji.reload()
|
||||||
|
|
||||||
message = %{
|
message = %{
|
||||||
|
|
|
@ -7,6 +7,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
|
||||||
|
|
||||||
alias Plug.Conn
|
alias Plug.Conn
|
||||||
|
|
||||||
|
setup_all do: clear_config([Pleroma.Upload, :base_url], nil)
|
||||||
|
|
||||||
describe "http security enabled" do
|
describe "http security enabled" do
|
||||||
setup do: clear_config([:http_security, :enabled], true)
|
setup do: clear_config([:http_security, :enabled], true)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue