[CORE] Add CONFIG_ prefix to environment whitelist

Fixed minor issues with Common::config of env not being included and ported to local social yaml

Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
Diogo Peralta Cordeiro 2022-02-11 00:17:20 +00:00
parent 416451a519
commit fb3e900b28
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0
8 changed files with 20 additions and 15 deletions

4
bin/configure vendored

@ -352,8 +352,8 @@ SOCIAL_DBMS=${DBMS}
SOCIAL_DB=${DB_NAME} SOCIAL_DB=${DB_NAME}
SOCIAL_USER=${DB_USER} SOCIAL_USER=${DB_USER}
SOCIAL_PASSWORD=${DB_PASSWORD} SOCIAL_PASSWORD=${DB_PASSWORD}
SOCIAL_DOMAIN=${DOMAIN} CONFIG_DOMAIN=${DOMAIN}
SOCIAL_NODE_NAME=${NODE_NAME} CONFIG_NODE_NAME=${NODE_NAME}
SOCIAL_ADMIN_EMAIL=${EMAIL} SOCIAL_ADMIN_EMAIL=${EMAIL}
SOCIAL_SITE_PROFILE=${PROFILE} SOCIAL_SITE_PROFILE=${PROFILE}
MAILER_DSN=${MAILER_DSN} MAILER_DSN=${MAILER_DSN}


@ -152,7 +152,7 @@ class FreeNetwork extends Component
$parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:' $parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
if (\count($parts) === 2) { if (\count($parts) === 2) {
[$nick, $domain] = $parts; [$nick, $domain] = $parts;
if ($domain !== $_ENV['SOCIAL_DOMAIN']) { if ($domain !== Common::config('site', 'server')) {
throw new ServerException(_m('Remote profiles not supported via WebFinger yet.')); throw new ServerException(_m('Remote profiles not supported via WebFinger yet.'));
} }
@ -169,7 +169,7 @@ class FreeNetwork extends Component
// This means $resource is a valid url // This means $resource is a valid url
$resource_parts = parse_url($resource); $resource_parts = parse_url($resource);
// TODO: Use URLMatcher // TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path']; $str = $resource_parts['path'];
// actor_view_nickname // actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m'; $renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
@ -379,7 +379,7 @@ class FreeNetwork extends Component
$actor = null; $actor = null;
$resource_parts = explode($preMention, $target); $resource_parts = explode($preMention, $target);
if ($resource_parts[1] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts[1] === Common::config('site', 'server')) {
$actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor(); $actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor();
} else { } else {
Event::handle('FreeNetworkFindMentions', [$target, &$actor]); Event::handle('FreeNetworkFindMentions', [$target, &$actor]);
@ -408,7 +408,7 @@ class FreeNetwork extends Component
// This means $resource is a valid url // This means $resource is a valid url
$resource_parts = parse_url($url); $resource_parts = parse_url($url);
// TODO: Use URLMatcher // TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path']; $str = $resource_parts['path'];
// actor_view_nickname // actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m'; $renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
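Review bot: The local-versus-remote decision in all four hunks of this file is an exact, case-sensitive string comparison against `Common::config('site', 'server')`, while host names are case-insensitive, so a differently cased spelling of the local domain is classified as remote. The same comparison appears in the Link, ActivityPub and Inbox sections of this commit; in Link it is the check that forbids local targets, so there the mismatch weakens an enforcement point rather than just a lookup. Normalising both sides, for example `mb_strtolower($resource_parts['host']) === mb_strtolower(Common::config('site', 'server'))`, or moving the test into one shared helper as the `TODO: Use URLMatcher` comments suggest, would keep the call sites consistent. Whether the configured value can carry a port is not visible here and should be confirmed. The enclosing methods start and end outside these hunks.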


@ -126,7 +126,7 @@ class Link extends Entity
{ {
if (Common::isValidHttpUrl($url)) { if (Common::isValidHttpUrl($url)) {
// If the URL is a local one, do not create a Link to it // If the URL is a local one, do not create a Link to it
if (parse_url($url, \PHP_URL_HOST) === $_ENV['SOCIAL_DOMAIN']) { if (parse_url($url, \PHP_URL_HOST) === Common::config('site', 'server')) {
Log::warning("It was attempted to create a Link to a local location {$url}."); Log::warning("It was attempted to create a Link to a local location {$url}.");
// Forbidden // Forbidden
throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400); throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400);


@ -446,7 +446,7 @@ class ActivityPub extends Plugin
// This means $resource is a valid url // This means $resource is a valid url
$resource_parts = parse_url($resource); $resource_parts = parse_url($resource);
// TODO: Use URLMatcher // TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts['host'] === Common::config('site', 'server')) {
$local_note = DB::findOneBy('note', ['url' => $resource], return_null: true); $local_note = DB::findOneBy('note', ['url' => $resource], return_null: true);
if ($local_note instanceof Note) { if ($local_note instanceof Note) {
return $local_note; return $local_note;
@ -493,7 +493,7 @@ class ActivityPub extends Plugin
// This means $resource is a valid url // This means $resource is a valid url
$resource_parts = parse_url($resource); $resource_parts = parse_url($resource);
// TODO: Use URLMatcher // TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path']; $str = $resource_parts['path'];
// actor_view_nickname // actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m'; $renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';


@ -35,6 +35,7 @@ namespace Plugin\ActivityPub\Controller;
use App\Core\Controller; use App\Core\Controller;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Core\Event; use App\Core\Event;
use App\Util\Common;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Core\Log; use App\Core\Log;
use App\Core\Router\Router; use App\Core\Router\Router;
@ -90,7 +91,7 @@ class Inbox extends Controller
try { try {
$resource_parts = parse_url($type->get('actor')); $resource_parts = parse_url($type->get('actor'));
if ($resource_parts['host'] !== $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) { if ($resource_parts['host'] !== Common::config('site', 'server')) {
$ap_actor = ActivitypubActor::fromUri($type->get('actor')); $ap_actor = ActivitypubActor::fromUri($type->get('actor'));
$actor = Actor::getById($ap_actor->getActorId()); $actor = Actor::getById($ap_actor->getActorId());
DB::flush(); DB::flush();
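Review bot: `$resource_parts['host']` is read without checking what `parse_url()` returned for the actor value taken from the incoming activity. `parse_url()` returns `false` for seriously malformed URLs and omits `host` for relative ones; in either case the `!==` test is true and the value is handed to `ActivitypubActor::fromUri()` as if it were a remote actor. Reading the host directly with `$host = parse_url($type->get('actor'), \PHP_URL_HOST);` and rejecting the activity when `$host` is not a string would stop it at the boundary. The `try` opened above closes outside this hunk, so how such a failure is currently handled cannot be seen from here.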


@ -65,14 +65,14 @@ if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? $_SERVER['TRUSTED_HOSTS'] ?? false
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']); $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
// Wrap the default Kernel with the CacheKernel one in 'prod' environment // Wrap the default Kernel with the CacheKernel one in 'prod' environment
if ('prod' === $kernel->getEnvironment() || isset($_ENV['SOCIAL_USE_CACHE_KERNEL'])) { if ('prod' === $kernel->getEnvironment() || isset($_ENV['CONFIG_USE_CACHE_KERNEL'])) {
$kernel = new CacheKernel($kernel); $kernel = new CacheKernel($kernel);
} }
$request = Request::createFromGlobals(); $request = Request::createFromGlobals();
$_ENV = array_filter( $_ENV = array_filter(
$_ENV, $_ENV,
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP']) && $key !== 'APP_SECRET', fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP', 'CONFIG']) && $key !== 'APP_SECRET',
\ARRAY_FILTER_USE_KEY, \ARRAY_FILTER_USE_KEY,
); );
$response = $kernel->handle($request); $response = $kernel->handle($request);
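Review bot: The whitelist entry added to the `array_filter` callback is the bare prefix `CONFIG`, not `CONFIG_` as the commit title says, so any variable whose name merely begins with those letters survives the scrub of `$_ENV`, and `APP_SECRET` remains the only name excluded explicitly. Assuming `Formatting::startsWith` does a plain prefix match against each array entry, writing the new entry as `'CONFIG_'` would limit what is kept to the intended namespace. A short comment above the filter, such as `// Only non-sensitive settings may use the HTTP/APP/CONFIG_ prefixes; everything else is removed from $_ENV before the request is handled`, would make the rule visible to whoever next adds a variable to `.env`.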


@ -79,6 +79,7 @@ use Symfony\Contracts\Translation\TranslatorInterface;
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface; use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface; use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
use Twig\Environment; use Twig\Environment;
use Symfony\Component\Yaml;
/** /**
* @codeCoverageIgnore * @codeCoverageIgnore
@ -228,8 +229,10 @@ class GNUsocial implements EventSubscriberInterface
// Overriding doesn't work as we want, overrides the top-most key, do it manually // Overriding doesn't work as we want, overrides the top-most key, do it manually
$local_file = INSTALLDIR . '/social.local.yaml'; $local_file = INSTALLDIR . '/social.local.yaml';
if (!file_exists($local_file)) { if (!file_exists($local_file)) {
$node_name = $_ENV['SOCIAL_NODE_NAME']; $node_name = $_ENV['CONFIG_NODE_NAME'];
file_put_contents($local_file, "parameters:\n locals:\n gnusocial:\n site:\n name: {$node_name}\n"); $domain = $_ENV['CONFIG_DOMAIN'];
$yaml = (new Yaml\Dumper(indentation: 2))->dump(['parameters' => ['locals' => ['gnusocial' => ['site' => ['server' => $domain, 'name' => $node_name]]]]], Yaml\Yaml::DUMP_OBJECT_AS_MAP);
file_put_contents($local_file, $yaml);
} }
// Load .local // Load .local
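Review bot: `$_ENV['CONFIG_NODE_NAME']` and `$_ENV['CONFIG_DOMAIN']` are read without a fallback, so an installation whose `.env` still uses the old `SOCIAL_NODE_NAME`/`SOCIAL_DOMAIN` names would get null values written for `site.name` and `site.server` in `social.local.yaml`. Because the file is only generated when it does not exist, an installation that already has one from the previous code (which wrote `name` only) never gets `server` added. Every host comparison this commit moves to `Common::config('site', 'server')` then depends on whatever default applies, which is not visible here. Failing early, e.g. `$domain = $_ENV['CONFIG_DOMAIN'] ?? throw new \RuntimeException('CONFIG_DOMAIN is not set');`, and checking the return value of `file_put_contents()` would surface both cases. The enclosing method starts and ends outside the hunk.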


@ -21,6 +21,7 @@ declare(strict_types = 1);
namespace App\Tests\Entity; namespace App\Tests\Entity;
use App\Util\Common;
use App\Util\GNUsocialTestCase; use App\Util\GNUsocialTestCase;
use Component\Link\Entity\Link; use Component\Link\Entity\Link;
use InvalidArgumentException; use InvalidArgumentException;
@ -36,6 +37,6 @@ class LinkTest extends GNUsocialTestCase
$link = Link::getOrCreate('https://gnu.org'); $link = Link::getOrCreate('https://gnu.org');
static::assertNotNull($link->getUrl()); static::assertNotNull($link->getUrl());
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . $_ENV['SOCIAL_DOMAIN'])); static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . Common::config('site', 'server')));
} }
} }