[CORE] Add CONFIG_ prefix to environment whitelist

Fixed minor issues with Common::config of env not being included and ported to local social yaml

Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
Diogo Peralta Cordeiro 2022-02-11 00:17:20 +00:00
parent 416451a519
commit fb3e900b28
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0
8 changed files with 20 additions and 15 deletions

4
bin/configure vendored

@ -352,8 +352,8 @@ SOCIAL_DBMS=${DBMS}
SOCIAL_DB=${DB_NAME}
SOCIAL_USER=${DB_USER}
SOCIAL_PASSWORD=${DB_PASSWORD}
SOCIAL_DOMAIN=${DOMAIN}
SOCIAL_NODE_NAME=${NODE_NAME}
CONFIG_DOMAIN=${DOMAIN}
CONFIG_NODE_NAME=${NODE_NAME}
SOCIAL_ADMIN_EMAIL=${EMAIL}
SOCIAL_SITE_PROFILE=${PROFILE}
MAILER_DSN=${MAILER_DSN}


@ -152,7 +152,7 @@ class FreeNetwork extends Component
$parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
if (\count($parts) === 2) {
[$nick, $domain] = $parts;
if ($domain !== $_ENV['SOCIAL_DOMAIN']) {
if ($domain !== Common::config('site', 'server')) {
throw new ServerException(_m('Remote profiles not supported via WebFinger yet.'));
}
@ -169,7 +169,7 @@ class FreeNetwork extends Component
// This means $resource is a valid url
$resource_parts = parse_url($resource);
// TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path'];
// actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
@ -379,7 +379,7 @@ class FreeNetwork extends Component
$actor = null;
$resource_parts = explode($preMention, $target);
if ($resource_parts[1] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts[1] === Common::config('site', 'server')) {
$actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor();
} else {
Event::handle('FreeNetworkFindMentions', [$target, &$actor]);
@ -408,7 +408,7 @@ class FreeNetwork extends Component
// This means $resource is a valid url
$resource_parts = parse_url($url);
// TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path'];
// actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
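Review bot: The new local-host checks compare with `===` against `Common::config('site', 'server')`, which is case-sensitive, while the host is taken from the request as written (`parse_url()` and `explode()` do not lowercase it) and DNS names are case-insensitive. A resource whose host differs from the configured server only in letter case is therefore classified as remote in all four hunks of this class; the same comparison appears in the `Link`, `ActivityPub` and `Inbox` sections, and in `Link` it is the guard that rejects links to the local instance. Normalising both sides would close this, e.g. `if (mb_strtolower($resource_parts['host']) === mb_strtolower(Common::config('site', 'server'))) {`, ideally in one shared helper, as the existing `// TODO: Use URLMatcher` already suggests. Whether the configured value can also carry a port is not visible here and should be confirmed. The enclosing methods start and end outside the hunks.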


@ -126,7 +126,7 @@ class Link extends Entity
{
if (Common::isValidHttpUrl($url)) {
// If the URL is a local one, do not create a Link to it
if (parse_url($url, \PHP_URL_HOST) === $_ENV['SOCIAL_DOMAIN']) {
if (parse_url($url, \PHP_URL_HOST) === Common::config('site', 'server')) {
Log::warning("It was attempted to create a Link to a local location {$url}.");
// Forbidden
throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400);


@ -446,7 +446,7 @@ class ActivityPub extends Plugin
// This means $resource is a valid url
$resource_parts = parse_url($resource);
// TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts['host'] === Common::config('site', 'server')) {
$local_note = DB::findOneBy('note', ['url' => $resource], return_null: true);
if ($local_note instanceof Note) {
return $local_note;
@ -493,7 +493,7 @@ class ActivityPub extends Plugin
// This means $resource is a valid url
$resource_parts = parse_url($resource);
// TODO: Use URLMatcher
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts['host'] === Common::config('site', 'server')) {
$str = $resource_parts['path'];
// actor_view_nickname
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';


@ -35,6 +35,7 @@ namespace Plugin\ActivityPub\Controller;
use App\Core\Controller;
use App\Core\DB\DB;
use App\Core\Event;
use App\Util\Common;
use function App\Core\I18n\_m;
use App\Core\Log;
use App\Core\Router\Router;
@ -90,7 +91,7 @@ class Inbox extends Controller
try {
$resource_parts = parse_url($type->get('actor'));
if ($resource_parts['host'] !== $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
if ($resource_parts['host'] !== Common::config('site', 'server')) {
$ap_actor = ActivitypubActor::fromUri($type->get('actor'));
$actor = Actor::getById($ap_actor->getActorId());
DB::flush();
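Review bot: `$resource_parts['host']` is read from `parse_url($type->get('actor'))` without checking the result, and the actor value comes from the incoming activity. When the actor is malformed or has no host, `parse_url()` returns `false` or an array without `host`, so the `!==` comparison sees `null`, evaluates to true, and the value is handed to `ActivitypubActor::fromUri()` as if it were a remote actor. Reading the host with `$host = parse_url($type->get('actor'), \PHP_URL_HOST);` and rejecting the activity when `!\is_string($host)` would make that failure explicit. How the surrounding `try` handles this today is outside the hunk.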


@ -65,14 +65,14 @@ if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? $_SERVER['TRUSTED_HOSTS'] ?? false
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
// Wrap the default Kernel with the CacheKernel one in 'prod' environment
if ('prod' === $kernel->getEnvironment() || isset($_ENV['SOCIAL_USE_CACHE_KERNEL'])) {
if ('prod' === $kernel->getEnvironment() || isset($_ENV['CONFIG_USE_CACHE_KERNEL'])) {
$kernel = new CacheKernel($kernel);
}
$request = Request::createFromGlobals();
$_ENV = array_filter(
$_ENV,
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP']) && $key !== 'APP_SECRET',
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP', 'CONFIG']) && $key !== 'APP_SECRET',
\ARRAY_FILTER_USE_KEY,
);
$response = $kernel->handle($request);
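Review bot: The filter passes the bare prefixes `'HTTP'`, `'APP'` and `'CONFIG'` to `Formatting::startsWith`, so, assuming that is a plain prefix test, any variable whose name merely begins with those letters is kept, not only the `CONFIG_` namespace the commit title describes. `APP_SECRET` is the only name excluded explicitly, so every `CONFIG_*` value now stays in `$_ENV` for the whole request. A comment above the filter stating that secrets must never be given a `CONFIG_` name would help. Matching with the underscore, at least for the new entry (`'CONFIG_'`), keeps the allow-list as narrow as intended. Separately, deployments that still export `SOCIAL_USE_CACHE_KERNEL` silently lose the `CacheKernel` outside `prod`, which deserves a line in the upgrade notes.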


@ -79,6 +79,7 @@ use Symfony\Contracts\Translation\TranslatorInterface;
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
use Twig\Environment;
use Symfony\Component\Yaml;
/**
* @codeCoverageIgnore
@ -228,8 +229,10 @@ class GNUsocial implements EventSubscriberInterface
// Overriding doesn't work as we want, overrides the top-most key, do it manually
$local_file = INSTALLDIR . '/social.local.yaml';
if (!file_exists($local_file)) {
$node_name = $_ENV['SOCIAL_NODE_NAME'];
file_put_contents($local_file, "parameters:\n locals:\n gnusocial:\n site:\n name: {$node_name}\n");
$node_name = $_ENV['CONFIG_NODE_NAME'];
$domain = $_ENV['CONFIG_DOMAIN'];
$yaml = (new Yaml\Dumper(indentation: 2))->dump(['parameters' => ['locals' => ['gnusocial' => ['site' => ['server' => $domain, 'name' => $node_name]]]]], Yaml\Yaml::DUMP_OBJECT_AS_MAP);
file_put_contents($local_file, $yaml);
}
// Load .local
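Review bot: `$_ENV['CONFIG_NODE_NAME']` and `$_ENV['CONFIG_DOMAIN']` are read without checking that they are set, and because of the `file_exists` guard the result is written to `social.local.yaml` only once. An installation whose environment still defines only the old `SOCIAL_*` names would, unless the warning is turned into an exception, persist a null `site.server`, and the `Common::config('site', 'server')` host comparisons introduced elsewhere in this commit would then never match the local domain. Failing before the write is safer, e.g. `$domain = $_ENV['CONFIG_DOMAIN'] ?? throw new \RuntimeException('CONFIG_DOMAIN is not set');` and the same for the node name. The return value of `file_put_contents` is also unchecked. The enclosing method continues outside the hunk.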


@ -21,6 +21,7 @@ declare(strict_types = 1);
namespace App\Tests\Entity;
use App\Util\Common;
use App\Util\GNUsocialTestCase;
use Component\Link\Entity\Link;
use InvalidArgumentException;
@ -36,6 +37,6 @@ class LinkTest extends GNUsocialTestCase
$link = Link::getOrCreate('https://gnu.org');
static::assertNotNull($link->getUrl());
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . $_ENV['SOCIAL_DOMAIN']));
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . Common::config('site', 'server')));
}
}