forked from GNUsocial/gnu-social
[CORE] Add CONFIG_ prefix to environment whitelist
Fixed minor issues with Commong:config of env not being included and ported to local social yaml Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
This commit is contained in:
parent
416451a519
commit
fb3e900b28
4
bin/configure
vendored
4
bin/configure
vendored
@ -352,8 +352,8 @@ SOCIAL_DBMS=${DBMS}
|
||||
SOCIAL_DB=${DB_NAME}
|
||||
SOCIAL_USER=${DB_USER}
|
||||
SOCIAL_PASSWORD=${DB_PASSWORD}
|
||||
SOCIAL_DOMAIN=${DOMAIN}
|
||||
SOCIAL_NODE_NAME=${NODE_NAME}
|
||||
CONFIG_DOMAIN=${DOMAIN}
|
||||
CONFIG_NODE_NAME=${NODE_NAME}
|
||||
SOCIAL_ADMIN_EMAIL=${EMAIL}
|
||||
SOCIAL_SITE_PROFILE=${PROFILE}
|
||||
MAILER_DSN=${MAILER_DSN}
|
||||
|
@ -152,7 +152,7 @@ class FreeNetwork extends Component
|
||||
$parts = explode('@', mb_substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
|
||||
if (\count($parts) === 2) {
|
||||
[$nick, $domain] = $parts;
|
||||
if ($domain !== $_ENV['SOCIAL_DOMAIN']) {
|
||||
if ($domain !== Common::config('site', 'server')) {
|
||||
throw new ServerException(_m('Remote profiles not supported via WebFinger yet.'));
|
||||
}
|
||||
|
||||
@ -169,7 +169,7 @@ class FreeNetwork extends Component
|
||||
// This means $resource is a valid url
|
||||
$resource_parts = parse_url($resource);
|
||||
// TODO: Use URLMatcher
|
||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||
$str = $resource_parts['path'];
|
||||
// actor_view_nickname
|
||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||
@ -379,7 +379,7 @@ class FreeNetwork extends Component
|
||||
$actor = null;
|
||||
|
||||
$resource_parts = explode($preMention, $target);
|
||||
if ($resource_parts[1] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts[1] === Common::config('site', 'server')) {
|
||||
$actor = LocalUser::getByPK(['nickname' => $resource_parts[0]])->getActor();
|
||||
} else {
|
||||
Event::handle('FreeNetworkFindMentions', [$target, &$actor]);
|
||||
@ -408,7 +408,7 @@ class FreeNetwork extends Component
|
||||
// This means $resource is a valid url
|
||||
$resource_parts = parse_url($url);
|
||||
// TODO: Use URLMatcher
|
||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||
$str = $resource_parts['path'];
|
||||
// actor_view_nickname
|
||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||
|
@ -126,7 +126,7 @@ class Link extends Entity
|
||||
{
|
||||
if (Common::isValidHttpUrl($url)) {
|
||||
// If the URL is a local one, do not create a Link to it
|
||||
if (parse_url($url, \PHP_URL_HOST) === $_ENV['SOCIAL_DOMAIN']) {
|
||||
if (parse_url($url, \PHP_URL_HOST) === Common::config('site', 'server')) {
|
||||
Log::warning("It was attempted to create a Link to a local location {$url}.");
|
||||
// Forbidden
|
||||
throw new InvalidArgumentException(message: "A Link can't point to a local location ({$url}), it must be a remote one", code: 400);
|
||||
|
@ -446,7 +446,7 @@ class ActivityPub extends Plugin
|
||||
// This means $resource is a valid url
|
||||
$resource_parts = parse_url($resource);
|
||||
// TODO: Use URLMatcher
|
||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||
$local_note = DB::findOneBy('note', ['url' => $resource], return_null: true);
|
||||
if ($local_note instanceof Note) {
|
||||
return $local_note;
|
||||
@ -493,7 +493,7 @@ class ActivityPub extends Plugin
|
||||
// This means $resource is a valid url
|
||||
$resource_parts = parse_url($resource);
|
||||
// TODO: Use URLMatcher
|
||||
if ($resource_parts['host'] === $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts['host'] === Common::config('site', 'server')) {
|
||||
$str = $resource_parts['path'];
|
||||
// actor_view_nickname
|
||||
$renick = '/\/@(' . Nickname::DISPLAY_FMT . ')\/?/m';
|
||||
|
@ -35,6 +35,7 @@ namespace Plugin\ActivityPub\Controller;
|
||||
use App\Core\Controller;
|
||||
use App\Core\DB\DB;
|
||||
use App\Core\Event;
|
||||
use App\Util\Common;
|
||||
use function App\Core\I18n\_m;
|
||||
use App\Core\Log;
|
||||
use App\Core\Router\Router;
|
||||
@ -90,7 +91,7 @@ class Inbox extends Controller
|
||||
|
||||
try {
|
||||
$resource_parts = parse_url($type->get('actor'));
|
||||
if ($resource_parts['host'] !== $_ENV['SOCIAL_DOMAIN']) { // XXX: Common::config('site', 'server')) {
|
||||
if ($resource_parts['host'] !== Common::config('site', 'server')) {
|
||||
$ap_actor = ActivitypubActor::fromUri($type->get('actor'));
|
||||
$actor = Actor::getById($ap_actor->getActorId());
|
||||
DB::flush();
|
||||
|
@ -65,14 +65,14 @@ if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? $_SERVER['TRUSTED_HOSTS'] ?? false
|
||||
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
|
||||
|
||||
// Wrap the default Kernel with the CacheKernel one in 'prod' environment
|
||||
if ('prod' === $kernel->getEnvironment() || isset($_ENV['SOCIAL_USE_CACHE_KERNEL'])) {
|
||||
if ('prod' === $kernel->getEnvironment() || isset($_ENV['CONFIG_USE_CACHE_KERNEL'])) {
|
||||
$kernel = new CacheKernel($kernel);
|
||||
}
|
||||
|
||||
$request = Request::createFromGlobals();
|
||||
$_ENV = array_filter(
|
||||
$_ENV,
|
||||
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP']) && $key !== 'APP_SECRET',
|
||||
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP', 'CONFIG']) && $key !== 'APP_SECRET',
|
||||
\ARRAY_FILTER_USE_KEY,
|
||||
);
|
||||
$response = $kernel->handle($request);
|
||||
|
@ -79,6 +79,7 @@ use Symfony\Contracts\Translation\TranslatorInterface;
|
||||
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
|
||||
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
|
||||
use Twig\Environment;
|
||||
use Symfony\Component\Yaml;
|
||||
|
||||
/**
|
||||
* @codeCoverageIgnore
|
||||
@ -228,8 +229,10 @@ class GNUsocial implements EventSubscriberInterface
|
||||
// Overriding doesn't work as we want, overrides the top-most key, do it manually
|
||||
$local_file = INSTALLDIR . '/social.local.yaml';
|
||||
if (!file_exists($local_file)) {
|
||||
$node_name = $_ENV['SOCIAL_NODE_NAME'];
|
||||
file_put_contents($local_file, "parameters:\n locals:\n gnusocial:\n site:\n name: {$node_name}\n");
|
||||
$node_name = $_ENV['CONFIG_NODE_NAME'];
|
||||
$domain = $_ENV['CONFIG_DOMAIN'];
|
||||
$yaml = (new Yaml\Dumper(indentation: 2))->dump(['parameters' => ['locals' => ['gnusocial' => ['site' => ['server' => $domain, 'name' => $node_name]]]]], Yaml\Yaml::DUMP_OBJECT_AS_MAP);
|
||||
file_put_contents($local_file, $yaml);
|
||||
}
|
||||
|
||||
// Load .local
|
||||
|
@ -21,6 +21,7 @@ declare(strict_types = 1);
|
||||
|
||||
namespace App\Tests\Entity;
|
||||
|
||||
use App\Util\Common;
|
||||
use App\Util\GNUsocialTestCase;
|
||||
use Component\Link\Entity\Link;
|
||||
use InvalidArgumentException;
|
||||
@ -36,6 +37,6 @@ class LinkTest extends GNUsocialTestCase
|
||||
$link = Link::getOrCreate('https://gnu.org');
|
||||
static::assertNotNull($link->getUrl());
|
||||
|
||||
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . $_ENV['SOCIAL_DOMAIN']));
|
||||
static::assertThrows(InvalidArgumentException::class, fn () => Link::getOrCreate('https://' . Common::config('site', 'server')));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user