From 6fa81ca17e50c2f66a4357fc6866b33b7a606b42 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 16 Mar 2023 02:53:55 +0100 Subject: Remove `bullet` and `active_record_query_trace` gems (#24121) --- config/environments/development.rb | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'config/environments') diff --git a/config/environments/development.rb b/config/environments/development.rb index 29b17a350..f5f6cbed8 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -24,7 +24,6 @@ Rails.application.configure do } else config.action_controller.perform_caching = false - config.cache_store = :null_store end @@ -34,9 +33,10 @@ Rails.application.configure do end # Generate random VAPID keys - vapid_key = Webpush.generate_key - config.x.vapid_private_key = vapid_key.private_key - config.x.vapid_public_key = vapid_key.public_key + Webpush.generate_key.tap do |vapid_key| + config.x.vapid_private_key = vapid_key.private_key + config.x.vapid_public_key = vapid_key.public_key + end # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false @@ -76,21 +76,13 @@ Rails.application.configure do # Otherwise, use letter_opener, which launches a browser window to view sent mail. config.action_mailer.delivery_method = (ENV['HEROKU'] || ENV['VAGRANT'] || ENV['REMOTE_DEV']) ? :letter_opener_web : :letter_opener - config.after_initialize do - Bullet.enable = true - Bullet.bullet_logger = true - Bullet.rails_logger = false - - Bullet.add_safelist type: :n_plus_one_query, class_name: 'User', association: :account - end - + # We provide a default secret for the development environment here. + # This value should not be used in production environments! config.x.otp_secret = ENV.fetch('OTP_SECRET', '1fc2b87989afa6351912abeebe31ffc5c476ead9bf8b3d74cbc4a302c7b69a45b40b1bbef3506ddad73e942e15ed5ca4b402bf9a66423626051104f4b5f05109') end Redis.raise_deprecations = true -ActiveRecordQueryTrace.enabled = ENV['QUERY_TRACE_ENABLED'] == 'true' - module PrivateAddressCheck def self.private_address?(*) false -- cgit From 8cb2543ee571e47be46195eed798194136aeae4c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 16 Mar 2023 02:55:13 +0100 Subject: Add `SENDFILE_HEADER` environment variable (#24123) --- config/environments/production.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'config/environments') diff --git a/config/environments/production.rb b/config/environments/production.rb index 345a255a7..b8536c53a 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -38,8 +38,7 @@ Rails.application.configure do # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + config.action_dispatch.x_sendfile_header = ENV['SENDFILE_HEADER'] if ENV['SENDFILE_HEADER'].present? # Allow to specify public IP of reverse proxy if it's needed config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split(/(?:\s*,\s*|\s+)/).map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present? -- cgit From f0e727f958cd9428b2c56a3c6a65bbbf176bfa0d Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 16 Mar 2023 02:55:54 +0100 Subject: Add cache headers to static files served through Rails (#24120) --- config/application.rb | 5 +++++ config/environments/development.rb | 5 ----- config/environments/production.rb | 12 +--------- config/environments/test.rb | 5 ----- lib/public_file_server_middleware.rb | 43 ++++++++++++++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 21 deletions(-) create mode 100644 lib/public_file_server_middleware.rb (limited to 'config/environments') diff --git a/config/application.rb b/config/application.rb index c51eacd68..43631c551 100644 --- a/config/application.rb +++ b/config/application.rb @@ -35,6 +35,7 @@ require_relative '../lib/terrapin/multi_pipe_extensions' require_relative '../lib/mastodon/snowflake' require_relative '../lib/mastodon/version' require_relative '../lib/mastodon/rack_middleware' +require_relative '../lib/public_file_server_middleware' require_relative '../lib/devise/two_factor_ldap_authenticatable' require_relative '../lib/devise/two_factor_pam_authenticatable' require_relative '../lib/chewy/strategy/mastodon' @@ -181,6 +182,10 @@ module Mastodon config.active_job.queue_adapter = :sidekiq config.action_mailer.deliver_later_queue_name = 'mailers' + # We use our own middleware for this + config.public_file_server.enabled = false + + config.middleware.use PublicFileServerMiddleware if Rails.env.development? || ENV['RAILS_SERVE_STATIC_FILES'] == 'true' config.middleware.use Rack::Attack config.middleware.use Mastodon::RackMiddleware diff --git a/config/environments/development.rb b/config/environments/development.rb index f5f6cbed8..32c5cce8b 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -16,12 +16,7 @@ Rails.application.configure do # Run rails dev:cache to toggle caching. if Rails.root.join('tmp/caching-dev.txt').exist? config.action_controller.perform_caching = true - config.cache_store = :redis_cache_store, REDIS_CACHE_PARAMS - - config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.to_i}", - } else config.action_controller.perform_caching = false config.cache_store = :null_store diff --git a/config/environments/production.rb b/config/environments/production.rb index b8536c53a..00d783477 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -19,24 +19,14 @@ Rails.application.configure do # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? - ActiveSupport::Logger.new(STDOUT).tap do |logger| logger.formatter = config.log_formatter config.logger = ActiveSupport::TaggedLogging.new(logger) end - # Compress JavaScripts and CSS. - # config.assets.js_compressor = Uglifier.new(mangle: false) - # config.assets.css_compressor = :sass - # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb - # Specifies the header that your server uses for sending files. config.action_dispatch.x_sendfile_header = ENV['SENDFILE_HEADER'] if ENV['SENDFILE_HEADER'].present? @@ -66,7 +56,7 @@ Rails.application.configure do # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # English when a translation cannot be found). - config.i18n.fallbacks = [:en] + config.i18n.fallbacks = true # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify diff --git a/config/environments/test.rb b/config/environments/test.rb index 9cbf31e8d..1328e155a 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -12,11 +12,6 @@ Rails.application.configure do # preloads Rails for running tests, you may have to set it to true. config.eager_load = false - # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.enabled = true - config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" - } config.assets.digest = false # Show full error reports and disable caching. diff --git a/lib/public_file_server_middleware.rb b/lib/public_file_server_middleware.rb new file mode 100644 index 000000000..3799230a2 --- /dev/null +++ b/lib/public_file_server_middleware.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: true + +require 'action_dispatch/middleware/static' + +class PublicFileServerMiddleware + SERVICE_WORKER_TTL = 7.days.to_i + CACHE_TTL = 28.days.to_i + + def initialize(app) + @app = app + @file_handler = ActionDispatch::FileHandler.new(Rails.application.paths['public'].first) + end + + def call(env) + file = @file_handler.attempt(env) + + # If the request is not a static file, move on! + return @app.call(env) if file.nil? + + status, headers, response = file + + # Set cache headers on static files. Some paths require different cache headers + headers['Cache-Control'] = begin + request_path = env['REQUEST_PATH'] + + if request_path.start_with?('/sw.js') + "public, max-age=#{SERVICE_WORKER_TTL}, must-revalidate" + elsif request_path.start_with?(paperclip_root_url) + "public, max-age=#{CACHE_TTL}, immutable" + else + "public, max-age=#{CACHE_TTL}, must-revalidate" + end + end + + [status, headers, response] + end + + private + + def paperclip_root_url + ENV.fetch('PAPERCLIP_ROOT_URL', '/system') + end +end -- cgit From 630436ab2d84b5ed2334ad510cb9ad6253050ae5 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 16 Mar 2023 04:33:38 +0100 Subject: Refactor monkey-patching of `PrivateAddressCheck` (#24122) --- app/lib/request.rb | 4 +++- config/environments/development.rb | 6 ------ 2 files changed, 3 insertions(+), 7 deletions(-) (limited to 'config/environments') diff --git a/app/lib/request.rb b/app/lib/request.rb index 85716f999..4bde6fc91 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb @@ -273,7 +273,9 @@ class Request def check_private_address(address, host) addr = IPAddr.new(address.to_s) - return if private_address_exceptions.any? { |range| range.include?(addr) } + + return if Rails.env.development? || private_address_exceptions.any? { |range| range.include?(addr) } + raise Mastodon::PrivateNetworkAddressError, host if PrivateAddressCheck.private_address?(addr) end diff --git a/config/environments/development.rb b/config/environments/development.rb index 32c5cce8b..a633dfce5 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -77,9 +77,3 @@ Rails.application.configure do end Redis.raise_deprecations = true - -module PrivateAddressCheck - def self.private_address?(*) - false - end -end -- cgit