diff options
| author | David Yip <yipdw@member.fsf.org> | 2018-05-03 17:23:44 -0500 |
|---|---|---|
| committer | David Yip <yipdw@member.fsf.org> | 2018-05-03 17:23:44 -0500 |
| commit | c816701550d7cdb593371dc47d0b9430c78308b0 (patch) | |
| tree | cc4417d14de20e69fd5f9a58d66f84af4a623329 /config/initializers | |
| parent | 3a47842223ff93d8c057f804809f1b111dfd6f76 (diff) | |
| parent | a7e71bbd08e089938fbf20ddef5768c2f3ee0702 (diff) | |
Merge remote-tracking branch 'origin/master' into gs-master
Conflicts: .travis.yml Gemfile.lock README.md app/controllers/settings/follower_domains_controller.rb app/controllers/statuses_controller.rb app/javascript/mastodon/locales/ja.json app/lib/feed_manager.rb app/models/media_attachment.rb app/models/mute.rb app/models/status.rb app/services/mute_service.rb app/views/home/index.html.haml app/views/stream_entries/_simple_status.html.haml config/locales/ca.yml config/locales/en.yml config/locales/es.yml config/locales/fr.yml config/locales/nl.yml config/locales/pl.yml config/locales/pt-BR.yml config/themes.yml
Diffstat (limited to 'config/initializers')
| -rw-r--r-- | config/initializers/http_client_proxy.rb | 24 | ||||
| -rw-r--r-- | config/initializers/json_ld.rb | 5 | ||||
| -rw-r--r-- | config/initializers/oembed.rb | 4 | ||||
| -rw-r--r-- | config/initializers/rack_attack.rb | 4 |
4 files changed, 28 insertions, 9 deletions
diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb new file mode 100644 index 000000000..f5026d59e --- /dev/null +++ b/config/initializers/http_client_proxy.rb @@ -0,0 +1,24 @@ +Rails.application.configure do + config.x.http_client_proxy = {} + if ENV['http_proxy'].present? + proxy = URI.parse(ENV['http_proxy']) + raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme + raise "No proxy host" unless proxy.host + + host = proxy.host + host = host[1...-1] if host[0] == '[' #for IPv6 address + config.x.http_client_proxy[:proxy] = { proxy_address: host, proxy_port: proxy.port, proxy_username: proxy.user, proxy_password: proxy.password }.compact + end + + config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' + config.x.hidden_service_via_transparent_proxy = ENV['HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY'] == 'true' +end + +module Goldfinger + def self.finger(uri, opts = {}) + to_hidden = /\.(onion|i2p)(:\d+)?$/.match(uri) + raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && to_hidden + opts = opts.merge(Rails.configuration.x.http_client_proxy).merge(ssl: !to_hidden) + Goldfinger::Client.new(uri, opts).finger + end +end diff --git a/config/initializers/json_ld.rb b/config/initializers/json_ld.rb deleted file mode 100644 index 2ddc7352d..000000000 --- a/config/initializers/json_ld.rb +++ /dev/null @@ -1,5 +0,0 @@ -# frozen_string_literal: true - -require_relative '../../lib/json_ld/identity' -require_relative '../../lib/json_ld/security' -require_relative '../../lib/json_ld/activitystreams' diff --git a/config/initializers/oembed.rb b/config/initializers/oembed.rb deleted file mode 100644 index 208e586cb..000000000 --- a/config/initializers/oembed.rb +++ /dev/null @@ -1,4 +0,0 @@ -# frozen_string_literal: true - -require_relative '../../app/lib/provider_discovery' -OEmbed::Providers.register_fallback(ProviderDiscovery) diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index b35452f04..0ca0a7e7f 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -53,6 +53,10 @@ class Rack::Attack req.ip if req.api_request? end + throttle('throttle_media', limit: 30, period: 30.minutes) do |req| + req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media') + end + throttle('protected_paths', limit: 25, period: 5.minutes) do |req| req.ip if req.post? && req.path =~ PROTECTED_PATHS_REGEX end |