make sure the url used by proxy is same as origin url
encoding or decoding it breaks some of the signed url
This commit is contained in:
parent
3589b30ddc
commit
f5ad430974
2 changed files with 6 additions and 24 deletions
|
@ -33,20 +33,7 @@ defp whitelisted?(url) do
|
|||
|
||||
def encode_url(url) do
|
||||
secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
|
||||
|
||||
# Must preserve `%2F` for compatibility with S3
|
||||
# https://git.pleroma.social/pleroma/pleroma/issues/580
|
||||
replacement = get_replacement(url, ":2F:")
|
||||
|
||||
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
|
||||
base64 =
|
||||
url
|
||||
|> String.replace("%2F", replacement)
|
||||
|> URI.decode()
|
||||
|> URI.encode()
|
||||
|> String.replace(replacement, "%2F")
|
||||
|> Base.url_encode64(@base64_opts)
|
||||
|
||||
base64 = Base.url_encode64(url, @base64_opts)
|
||||
sig = :crypto.hmac(:sha, secret, base64)
|
||||
sig64 = sig |> Base.url_encode64(@base64_opts)
|
||||
|
||||
|
@ -80,12 +67,4 @@ def build_url(sig_base64, url_base64, filename \\ nil) do
|
|||
|> Enum.filter(fn value -> value end)
|
||||
|> Path.join()
|
||||
end
|
||||
|
||||
defp get_replacement(url, replacement) do
|
||||
if String.contains?(url, replacement) do
|
||||
get_replacement(url, replacement <> replacement)
|
||||
else
|
||||
replacement
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -70,9 +70,12 @@ test "encodes and decodes URL and ignores query params for the path" do
|
|||
assert decode_result(encoded) == url
|
||||
end
|
||||
|
||||
test "ensures urls are url-encoded" do
|
||||
# Some of the signed url expect the special character in the url to be same
|
||||
# for the proxy to work.
|
||||
# Issue https://git.pleroma.social/pleroma/pleroma/issues/1055
|
||||
test "ensures urls are maintained (character are not encoded or decoded)" do
|
||||
assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
|
||||
"https://pleroma.social/Hello%20world.jpg"
|
||||
"https://pleroma.social/Hello world.jpg"
|
||||
|
||||
assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
|
||||
"https://pleroma.social/Hello%20world.jpg"
|
||||
|
|
Loading…
Reference in a new issue