about summary refs log tree commit diff
path: root/app/lib/request.rb
AgeCommit message (Collapse)Author
2018-11-27Fix TLS handshake timeout not being enforced (#9381)Eugen Rochko
Follow-up to #9329
2018-11-27Fix nil error when no DNS addresses are found for host (#9379)Eugen Rochko
2018-11-22Fix connect timeout not being enforced (#9329)Eugen Rochko
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
2018-11-21Revert connect timeout from 1s to 10s (#9319)Eugen Rochko
The failure rate in Sidekiq is too high
2018-11-08Reduce connect timeout limit and limit signature failures by source IP (#9236)Eugen Rochko
* Reduce connect timeout from 10s to 1s * Limit failing signature verifications per source IP
2018-08-31Do not sign useless User-Agent or Accept-Encoding headers (#8533)Eugen Rochko
Fix #8080
2018-08-26Add CLI task for rotating keys (#8466)Eugen Rochko
* If an Update is signed with known key, skip re-following procedure Because it means the remote actor did *not* lose their database * Add CLI method for rotating keys bin/tootctl accounts rotate [USERNAME] Generates a new RSA key per account and sends out an Update activity signed with the old key. * Key rotation: Space out Update fan-outs every 5 minutes per 1000 accounts * Skip suspended accounts in key rotation
2018-06-29Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into ↵MIYAGI Hikaru
`ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address. I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-05-18User agent for WebFinger (#7531)MIYAGI Hikaru
* User agent for WebFinger * local_domain → web_domain * 'http' is away accidentally...
2018-05-10Disable inflate gzip on head method (#7432)Yamagishi Kazutoshi
2018-05-09Support gzip encoding on Request (#7425)Yamagishi Kazutoshi
2018-05-02Guard against nil URLs in Request class (#7284)Eugen Rochko
Fix #7265
2018-04-25HTTP proxy support for outgoing request, manage access to hidden service (#7134)MIYAGI Hikaru
* Add support for HTTP client proxy * Add access control for darknet Supress error when access to darknet via transparent proxy * Fix the codes pointed out * Lint * Fix an omission + lint * any? -> include? * Change detection method to regexp to avoid test fail
2018-03-26Validate HTTP response length while receiving (#6891)Akihiko Odaki
to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
2018-03-24Close http connection in perform method of Request class (#6889)Akihiko Odaki
HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
2018-03-20request: in the event of failure, try other IPs (#6761) (#6813)Rey Tucker
* request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
2018-02-24Raise Mastodon::HostValidationError when host for HTTP request is private ↵Akihiko Odaki
(#6410)
2017-12-06Using double splat operator (#5859)Yamagishi Kazutoshi
2017-10-02Suppress backtrace from Request#perform (#5174)Daigo 3 Dango
2017-09-28Change max redirects followed to 2 (#5136)Eugen Rochko
I see no reason to allow more than that. Usually a redirect is HTTP->HTTPS, then maybe URL structure changed, but more than that is highly unlikely to be a legitimate use case.
2017-09-14Include requested URL into the message on network errors (#4945)unarist
2017-08-09Add Digest header to requests with body, handle acct and URI keyId (#4565)Eugen Rochko
2017-07-14HTTP signatures (#4146)Eugen Rochko
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)