Never forward the client's user-agent through the media proxy

This commit is contained in:
Alex Gleason 2021-02-22 14:46:59 -06:00 committed by lain
parent 4cb166e979
commit 1dc5794e29
2 changed files with 26 additions and 38 deletions

View file

@ -4,7 +4,7 @@
defmodule Pleroma.ReverseProxy do defmodule Pleroma.ReverseProxy do
@range_headers ~w(range if-range) @range_headers ~w(range if-range)
@keep_req_headers ~w(accept user-agent accept-encoding cache-control if-modified-since) ++ @keep_req_headers ~w(accept accept-encoding cache-control if-modified-since) ++
~w(if-unmodified-since if-none-match) ++ @range_headers ~w(if-unmodified-since if-none-match) ++ @range_headers
@resp_cache_headers ~w(etag date last-modified) @resp_cache_headers ~w(etag date last-modified)
@keep_resp_headers @resp_cache_headers ++ @keep_resp_headers @resp_cache_headers ++
@ -57,9 +57,6 @@ def default_cache_control_header, do: @default_cache_control_header
* `false` will add `content-disposition: attachment` to any request, * `false` will add `content-disposition: attachment` to any request,
* a list of whitelisted content types * a list of whitelisted content types
* `keep_user_agent` will forward the client's user-agent to the upstream. This may be useful if the upstream is
doing content transformation (encoding, ) depending on the request.
* `req_headers`, `resp_headers` additional headers. * `req_headers`, `resp_headers` additional headers.
* `http`: options for [hackney](https://github.com/benoitc/hackney) or [gun](https://github.com/ninenines/gun). * `http`: options for [hackney](https://github.com/benoitc/hackney) or [gun](https://github.com/ninenines/gun).
@ -84,8 +81,7 @@ def default_cache_control_header, do: @default_cache_control_header
import Plug.Conn import Plug.Conn
@type option() :: @type option() ::
{:keep_user_agent, boolean} {:max_read_duration, :timer.time() | :infinity}
| {:max_read_duration, :timer.time() | :infinity}
| {:max_body_length, non_neg_integer() | :infinity} | {:max_body_length, non_neg_integer() | :infinity}
| {:failed_request_ttl, :timer.time() | :infinity} | {:failed_request_ttl, :timer.time() | :infinity}
| {:http, []} | {:http, []}
@ -291,17 +287,13 @@ defp build_req_range_or_encoding_header(headers, _opts) do
end end
end end
defp build_req_user_agent_header(headers, opts) do defp build_req_user_agent_header(headers, _opts) do
if Keyword.get(opts, :keep_user_agent, false) do
List.keystore( List.keystore(
headers, headers,
"user-agent", "user-agent",
0, 0,
{"user-agent", Pleroma.Application.user_agent()} {"user-agent", Pleroma.Application.user_agent()}
) )
else
headers
end
end end
defp build_resp_headers(headers, opts) do defp build_resp_headers(headers, opts) do

View file

@ -18,24 +18,23 @@ defmodule Pleroma.ReverseProxyTest do
setup :verify_on_exit! setup :verify_on_exit!
defp user_agent_mock(user_agent, invokes) do defp user_agent_mock(invokes) do
json = Jason.encode!(%{"user-agent": user_agent})
ClientMock ClientMock
|> expect(:request, fn :get, url, _, _, _ -> |> expect(:request, fn :get, url, headers, _body, _opts ->
Registry.register(ClientMock, url, 0) Registry.register(ClientMock, url, 0)
body = headers |> Enum.into(%{}) |> Jason.encode!()
{:ok, 200, {:ok, 200,
[ [
{"content-type", "application/json"}, {"content-type", "application/json"},
{"content-length", byte_size(json) |> to_string()} {"content-length", byte_size(body) |> to_string()}
], %{url: url}} ], %{url: url, body: body}}
end) end)
|> expect(:stream_body, invokes, fn %{url: url} = client -> |> expect(:stream_body, invokes, fn %{url: url, body: body} = client ->
case Registry.lookup(ClientMock, url) do case Registry.lookup(ClientMock, url) do
[{_, 0}] -> [{_, 0}] ->
Registry.update_value(ClientMock, url, &(&1 + 1)) Registry.update_value(ClientMock, url, &(&1 + 1))
{:ok, json, client} {:ok, body, client}
[{_, 1}] -> [{_, 1}] ->
Registry.unregister(ClientMock, url) Registry.unregister(ClientMock, url)
@ -46,7 +45,7 @@ defp user_agent_mock(user_agent, invokes) do
describe "reverse proxy" do describe "reverse proxy" do
test "do not track successful request", %{conn: conn} do test "do not track successful request", %{conn: conn} do
user_agent_mock("hackney/1.15.1", 2) user_agent_mock(2)
url = "/success" url = "/success"
conn = ReverseProxy.call(conn, url) conn = ReverseProxy.call(conn, url)
@ -56,19 +55,16 @@ test "do not track successful request", %{conn: conn} do
end end
end end
describe "user-agent" do test "use Pleroma's user agent in the request; don't pass the client's", %{conn: conn} do
test "don't keep", %{conn: conn} do user_agent_mock(2)
user_agent_mock("hackney/1.15.1", 2)
conn = ReverseProxy.call(conn, "/user-agent") conn =
assert json_response(conn, 200) == %{"user-agent" => "hackney/1.15.1"} conn
end |> Plug.Conn.put_req_header("user-agent", "fake/1.0")
|> ReverseProxy.call("/user-agent")
test "keep", %{conn: conn} do
user_agent_mock(Pleroma.Application.user_agent(), 2)
conn = ReverseProxy.call(conn, "/user-agent-keep", keep_user_agent: true)
assert json_response(conn, 200) == %{"user-agent" => Pleroma.Application.user_agent()} assert json_response(conn, 200) == %{"user-agent" => Pleroma.Application.user_agent()}
end end
end
test "closed connection", %{conn: conn} do test "closed connection", %{conn: conn} do
ClientMock ClientMock
@ -114,7 +110,7 @@ defp stream_mock(invokes, with_close? \\ false) do
describe "max_body" do describe "max_body" do
test "length returns error if content-length more than option", %{conn: conn} do test "length returns error if content-length more than option", %{conn: conn} do
user_agent_mock("hackney/1.15.1", 0) user_agent_mock(0)
assert capture_log(fn -> assert capture_log(fn ->
ReverseProxy.call(conn, "/huge-file", max_body_length: 4) ReverseProxy.call(conn, "/huge-file", max_body_length: 4)