make sure the url used by proxy is same as origin url
encoding or decoding it breaks some of the signed url
This commit is contained in:
parent
3589b30ddc
commit
f5ad430974
@ -33,20 +33,7 @@ defp whitelisted?(url) do
|
|||||||
|
|
||||||
def encode_url(url) do
|
def encode_url(url) do
|
||||||
secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
|
secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
|
||||||
|
base64 = Base.url_encode64(url, @base64_opts)
|
||||||
# Must preserve `%2F` for compatibility with S3
|
|
||||||
# https://git.pleroma.social/pleroma/pleroma/issues/580
|
|
||||||
replacement = get_replacement(url, ":2F:")
|
|
||||||
|
|
||||||
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
|
|
||||||
base64 =
|
|
||||||
url
|
|
||||||
|> String.replace("%2F", replacement)
|
|
||||||
|> URI.decode()
|
|
||||||
|> URI.encode()
|
|
||||||
|> String.replace(replacement, "%2F")
|
|
||||||
|> Base.url_encode64(@base64_opts)
|
|
||||||
|
|
||||||
sig = :crypto.hmac(:sha, secret, base64)
|
sig = :crypto.hmac(:sha, secret, base64)
|
||||||
sig64 = sig |> Base.url_encode64(@base64_opts)
|
sig64 = sig |> Base.url_encode64(@base64_opts)
|
||||||
|
|
||||||
@ -80,12 +67,4 @@ def build_url(sig_base64, url_base64, filename \\ nil) do
|
|||||||
|> Enum.filter(fn value -> value end)
|
|> Enum.filter(fn value -> value end)
|
||||||
|> Path.join()
|
|> Path.join()
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_replacement(url, replacement) do
|
|
||||||
if String.contains?(url, replacement) do
|
|
||||||
get_replacement(url, replacement <> replacement)
|
|
||||||
else
|
|
||||||
replacement
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
@ -70,9 +70,12 @@ test "encodes and decodes URL and ignores query params for the path" do
|
|||||||
assert decode_result(encoded) == url
|
assert decode_result(encoded) == url
|
||||||
end
|
end
|
||||||
|
|
||||||
test "ensures urls are url-encoded" do
|
# Some of the signed url expect the special character in the url to be same
|
||||||
|
# for the proxy to work.
|
||||||
|
# Issue https://git.pleroma.social/pleroma/pleroma/issues/1055
|
||||||
|
test "ensures urls are maintained (character are not encoded or decoded)" do
|
||||||
assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
|
assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
|
||||||
"https://pleroma.social/Hello%20world.jpg"
|
"https://pleroma.social/Hello world.jpg"
|
||||||
|
|
||||||
assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
|
assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
|
||||||
"https://pleroma.social/Hello%20world.jpg"
|
"https://pleroma.social/Hello%20world.jpg"
|
||||||
|
Loading…
Reference in New Issue
Block a user