[CORE] Add CONFIG_ prefix to environment whitelist
Fixed minor issues with Common::config of env not being included and ported to local social yaml. Fixed some regressions introduced with "[CORE] Unset sensitive information from the environment".
parent
416451a519
commit
fb3e900b28
4
bin/configure
vendored
4
bin/configure
vendored
@ -352,8 +352,8 @@ SOCIAL_DBMS=${DBMS}
|
|||||||
SOCIAL_DB=${DB_NAME}
|
SOCIAL_DB=${DB_NAME}
|
||||||
SOCIAL_USER=${DB_USER}
|
SOCIAL_USER=${DB_USER}
|
||||||
SOCIAL_PASSWORD=${DB_PASSWORD}
|
SOCIAL_PASSWORD=${DB_PASSWORD}
|
||||||
SOCIAL_DOMAIN=${DOMAIN}
|
CONFIG_DOMAIN=${DOMAIN}
|
||||||
SOCIAL_NODE_NAME=${NODE_NAME}
|
CONFIG_NODE_NAME=${NODE_NAME}
|
||||||
SOCIAL_ADMIN_EMAIL=${EMAIL}
|
SOCIAL_ADMIN_EMAIL=${EMAIL}
|
||||||
SOCIAL_SITE_PROFILE=${PROFILE}
|
SOCIAL_SITE_PROFILE=${PROFILE}
|
||||||
MAILER_DSN=${MAILER_DSN}
|
MAILER_DSN=${MAILER_DSN}
|
||||||
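Review bot: Only `CONFIG_DOMAIN` and `CONFIG_NODE_NAME` get the new prefix here, while `SOCIAL_ADMIN_EMAIL` and `SOCIAL_SITE_PROFILE` keep `SOCIAL_`, a prefix that the environment filter changed in this same commit (`['HTTP', 'APP', 'CONFIG']`) removes from `$_ENV`. If the split is deliberate, a comment above these lines would record it, e.g. `# CONFIG_* stays visible to the application; SOCIAL_* and MAILER_DSN are removed from the environment at startup`; otherwise it is worth confirming that nothing reads those two values after the filter has run. The construct that emits these lines starts outside the hunk, so how the values are quoted is not visible here.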
|
@ -152,7 +152,7 @@ class FreeNetwork extends Component
|
|||||||
$parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
|
$parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
|
||||||
if (\count($parts) === 2) {
|
if (\count($parts) === 2) {
|
||||||
[$nick, $domain] = $parts;
|
[$nick, $domain] = $parts;
|
||||||
if ($domain !== $_ENV['SOCIAL_DOMAIN']) {
|
if ($domain !== Common::config('site', 'server')) {
|
||||||
throw new ServerException(_m('Remote profiles not supported via WebFinger yet.'));
|
throw new ServerException(_m('Remote profiles not supported via WebFinger yet.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -169,7 +169,7 @@ class FreeNetwork extends Component
|
|||||||
// This means $resource is a valid url
|
// This means $resource is a valid url
|
||||||
$resource_parts = parse_url($resource);
|
$resource_parts = parse_url($resource);
|
||||||
// TODO: Use URLMatcher
|
// TODO: Use URLMatcher
|
||||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||||
$str = $resource_parts['path'];
|
$str = $resource_parts['path'];
|
||||||
// actor_view_nickname
|
// actor_view_nickname
|
||||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||||
@ -379,7 +379,7 @@ class FreeNetwork extends Component
|
|||||||
$actor = null;
|
$actor = null;
|
||||||
|
|
||||||
$resource_parts = explode($preMention, $target);
|
$resource_parts = explode($preMention, $target);
|
||||||
if ($resource_parts[1] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts[1] === Common::config('site', 'server')) {
|
||||||
$actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor();
|
$actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor();
|
||||||
} else {
|
} else {
|
||||||
Event::handle('FreeNetworkFindMentions', [$target, &$actor]);
|
Event::handle('FreeNetworkFindMentions', [$target, &$actor]);
|
||||||
@ -408,7 +408,7 @@ class FreeNetwork extends Component
|
|||||||
// This means $resource is a valid url
|
// This means $resource is a valid url
|
||||||
$resource_parts = parse_url($url);
|
$resource_parts = parse_url($url);
|
||||||
// TODO: Use URLMatcher
|
// TODO: Use URLMatcher
|
||||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||||
$str = $resource_parts['path'];
|
$str = $resource_parts['path'];
|
||||||
// actor_view_nickname
|
// actor_view_nickname
|
||||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||||
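Review bot: The local-host checks in these hunks compare `$resource_parts['host']` with `Common::config('site', 'server')` using `===`, which is case-sensitive and assumes `parse_url()` returned an array that has a `host` key. Host names are case-insensitive, so a URL for this instance written in a different letter case would presumably be classified as remote; normalising both sides, e.g. `strtolower((string) ($resource_parts['host'] ?? '')) === strtolower((string) Common::config('site', 'server'))`, keeps the local/remote decision stable. The same comparison is repeated in the Link, ActivityPub and Inbox sections of this commit, so one shared helper (the existing `// TODO: Use URLMatcher` points that way) would stop the copies drifting apart. In the mention hunk, `$resource_parts[1]` is read without checking that `explode()` produced two parts and `LocalUser::getByPK(...)->getActor()` is called without a null check; the enclosing functions start and end outside the hunks, so whether callers guarantee both is not visible.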
|
@ -126,7 +126,7 @@ class Link extends Entity
|
|||||||
{
|
{
|
||||||
if (Common::isValidHttpUrl($url)) {
|
if (Common::isValidHttpUrl($url)) {
|
||||||
// If the URL is a local one, do not create a Link to it
|
// If the URL is a local one, do not create a Link to it
|
||||||
if (parse_url($url, \PHP_URL_HOST) === $_ENV['SOCIAL_DOMAIN']) {
|
if (parse_url($url, \PHP_URL_HOST) === Common::config('site', 'server')) {
|
||||||
Log::warning("It was attempted to create a Link to a local location {$url}.");
|
Log::warning("It was attempted to create a Link to a local location {$url}.");
|
||||||
// Forbidden
|
// Forbidden
|
||||||
throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400);
|
throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400);
|
||||||
|
@ -446,7 +446,7 @@ class ActivityPub extends Plugin
|
|||||||
// This means $resource is a valid url
|
// This means $resource is a valid url
|
||||||
$resource_parts = parse_url($resource);
|
$resource_parts = parse_url($resource);
|
||||||
// TODO: Use URLMatcher
|
// TODO: Use URLMatcher
|
||||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||||
$local_note = DB::findOneBy('note', ['url' => $resource], return_null: true);
|
$local_note = DB::findOneBy('note', ['url' => $resource], return_null: true);
|
||||||
if ($local_note instanceof Note) {
|
if ($local_note instanceof Note) {
|
||||||
return $local_note;
|
return $local_note;
|
||||||
@ -493,7 +493,7 @@ class ActivityPub extends Plugin
|
|||||||
// This means $resource is a valid url
|
// This means $resource is a valid url
|
||||||
$resource_parts = parse_url($resource);
|
$resource_parts = parse_url($resource);
|
||||||
// TODO: Use URLMatcher
|
// TODO: Use URLMatcher
|
||||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||||
$str = $resource_parts['path'];
|
$str = $resource_parts['path'];
|
||||||
// actor_view_nickname
|
// actor_view_nickname
|
||||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||||
|
@ -35,6 +35,7 @@ namespace Plugin\ActivityPub\Controller;
|
|||||||
use App\Core\Controller;
|
use App\Core\Controller;
|
||||||
use App\Core\DB\DB;
|
use App\Core\DB\DB;
|
||||||
use App\Core\Event;
|
use App\Core\Event;
|
||||||
|
use App\Util\Common;
|
||||||
use function App\Core\I18n\_m;
|
use function App\Core\I18n\_m;
|
||||||
use App\Core\Log;
|
use App\Core\Log;
|
||||||
use App\Core\Router\Router;
|
use App\Core\Router\Router;
|
||||||
@ -90,7 +91,7 @@ class Inbox extends Controller
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
$resource_parts = parse_url($type->get('actor'));
|
$resource_parts = parse_url($type->get('actor'));
|
||||||
if ($resource_parts['host'] !== $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
if ($resource_parts['host'] !== Common::config('site', 'server')) {
|
||||||
$ap_actor = ActivitypubActor::fromUri($type->get('actor'));
|
$ap_actor = ActivitypubActor::fromUri($type->get('actor'));
|
||||||
$actor = Actor::getById($ap_actor->getActorId());
|
$actor = Actor::getById($ap_actor->getActorId());
|
||||||
DB::flush();
|
DB::flush();
|
||||||
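Review bot: `$type->get('actor')` comes from the incoming activity, and the check `$resource_parts['host'] !== Common::config('site', 'server')` reads the `host` key without confirming that `parse_url()` succeeded. For a malformed or relative actor value `parse_url()` returns `false` or an array without `host`, so the comparison is made against `null`, the actor is treated as remote and the value is passed on to `ActivitypubActor::fromUri()`. Extracting the host explicitly with `$host = parse_url($type->get('actor'), \PHP_URL_HOST);` and failing early when `!\is_string($host)` would reject such input before any lookup is attempted. The `try` block continues outside the hunk, so how an error raised here is handled is not visible.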
|
@ -65,14 +65,14 @@ if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? $_SERVER['TRUSTED_HOSTS'] ?? false
|
|||||||
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
|
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
|
||||||
|
|
||||||
// Wrap the default Kernel with the CacheKernel one in 'prod' environment
|
// Wrap the default Kernel with the CacheKernel one in 'prod' environment
|
||||||
if ('prod' === $kernel->getEnvironment() || isset($_ENV['SOCIAL_USE_CACHE_KERNEL'])) {
|
if ('prod' === $kernel->getEnvironment() || isset($_ENV['CONFIG_USE_CACHE_KERNEL'])) {
|
||||||
$kernel = new CacheKernel($kernel);
|
$kernel = new CacheKernel($kernel);
|
||||||
}
|
}
|
||||||
|
|
||||||
$request = Request::createFromGlobals();
|
$request = Request::createFromGlobals();
|
||||||
$_ENV = array_filter(
|
$_ENV = array_filter(
|
||||||
$_ENV,
|
$_ENV,
|
||||||
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP']) && $key !== 'APP_SECRET',
|
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP', 'CONFIG']) && $key !== 'APP_SECRET',
|
||||||
\ARRAY_FILTER_USE_KEY,
|
\ARRAY_FILTER_USE_KEY,
|
||||||
);
|
);
|
||||||
$response = $kernel->handle($request);
|
$response = $kernel->handle($request);
|
||||||
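Review bot: The whitelist passes the bare prefix `'CONFIG'` to `Formatting::startsWith()` although the commit title says `CONFIG_`; assuming `startsWith` is a plain prefix match, any variable whose name merely begins with those letters (a constructed example: `CONFIGURATION_TOKEN`) survives the scrub. Using `'CONFIG_'` in the list keeps the exception as narrow as the title describes. `APP_SECRET` is the only name excluded explicitly, so a comment such as `// Anything named APP_* or CONFIG_* stays readable by application code; never give a secret one of these prefixes` would make the contract visible to whoever adds the next variable. The filter rewrites `$_ENV` only; whether the same values remain reachable through `$_SERVER` or `getenv()` cannot be told from this hunk and is worth checking.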
|
@ -79,6 +79,7 @@ use Symfony\Contracts\Translation\TranslatorInterface;
|
|||||||
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
||||||
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
|
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
|
||||||
use Twig\Environment;
|
use Twig\Environment;
|
||||||
|
use Symfony\Component\Yaml;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @codeCoverageIgnore
|
* @codeCoverageIgnore
|
||||||
@ -228,8 +229,10 @@ class GNUsocial implements EventSubscriberInterface
|
|||||||
// Overriding doesn't work as we want, overrides the top-most key, do it manually
|
// Overriding doesn't work as we want, overrides the top-most key, do it manually
|
||||||
$local_file = INSTALLDIR . '/social.local.yaml';
|
$local_file = INSTALLDIR . '/social.local.yaml';
|
||||||
if (!file_exists($local_file)) {
|
if (!file_exists($local_file)) {
|
||||||
$node_name = $_ENV['SOCIAL_NODE_NAME'];
|
$node_name = $_ENV['CONFIG_NODE_NAME'];
|
||||||
file_put_contents($local_file, "parameters:\n locals:\n gnusocial:\n site:\n name: {$node_name}\n");
|
$domain = $_ENV['CONFIG_DOMAIN'];
|
||||||
|
$yaml = (new Yaml\Dumper(indentation: 2))->dump(['parameters' => ['locals' => ['gnusocial' => ['site' => ['server' => $domain, 'name' => $node_name]]]]], Yaml\Yaml::DUMP_OBJECT_AS_MAP);
|
||||||
|
file_put_contents($local_file, $yaml);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load .local
|
// Load .local
|
||||||
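Review bot: `$_ENV['CONFIG_NODE_NAME']` and `$_ENV['CONFIG_DOMAIN']` are read without checking that they are set, and the result is written to `social.local.yaml` only once, when the file does not yet exist. An installation whose environment still carries the old `SOCIAL_DOMAIN` / `SOCIAL_NODE_NAME` names would presumably get a file with an empty `site.server`, and every comparison against `Common::config('site', 'server')` elsewhere in this commit would then misclassify local and remote URLs until the file is corrected by hand. A guard before the dump fails early instead: `if (empty($_ENV['CONFIG_DOMAIN']) || empty($_ENV['CONFIG_NODE_NAME'])) { throw new \RuntimeException('CONFIG_DOMAIN and CONFIG_NODE_NAME must be set'); }`. The return value of `file_put_contents()` is also unchecked, so a failed write goes unnoticed; the enclosing method starts and ends outside the hunk.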
|
@ -21,6 +21,7 @@ declare(strict_types = 1);
|
|||||||
|
|
||||||
namespace App\Tests\Entity;
|
namespace App\Tests\Entity;
|
||||||
|
|
||||||
|
use App\Util\Common;
|
||||||
use App\Util\GNUsocialTestCase;
|
use App\Util\GNUsocialTestCase;
|
||||||
use Component\Link\Entity\Link;
|
use Component\Link\Entity\Link;
|
||||||
use InvalidArgumentException;
|
use InvalidArgumentException;
|
||||||
@ -36,6 +37,6 @@ class LinkTest extends GNUsocialTestCase
|
|||||||
$link = Link::getOrCreate('https://gnu.org');
|
$link = Link::getOrCreate('https://gnu.org');
|
||||||
static::assertNotNull($link->getUrl());
|
static::assertNotNull($link->getUrl());
|
||||||
|
|
||||||
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . $_ENV['SOCIAL_DOMAIN']));
|
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . Common::config('site', 'server')));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|