git.squeep.com Git - akkoma/blob - lib/pleroma/http/adapter_helper/gun.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.HTTP.AdapterHelper.Gun do
   6   @behaviour Pleroma.HTTP.AdapterHelper
   7
   8   alias Pleroma.Gun.ConnectionPool
   9   alias Pleroma.HTTP.AdapterHelper
  10
  11   require Logger
  12
  13   @defaults [
  14     connect_timeout: 5_000,
  15     domain_lookup_timeout: 5_000,
  16     tls_handshake_timeout: 5_000,
  17     retry: 1,
  18     retry_timeout: 1000,
  19     await_up_timeout: 5_000
  20   ]
  21
  22   @spec options(keyword(), URI.t()) :: keyword()
  23   def options(incoming_opts \\ [], %URI{} = uri) do
  24     proxy =
  25       Pleroma.Config.get([:http, :proxy_url])
  26       |> AdapterHelper.format_proxy()
  27
  28     config_opts = Pleroma.Config.get([:http, :adapter], [])
  29
  30     @defaults
  31     |> Keyword.merge(config_opts)
  32     |> add_scheme_opts(uri)
  33     |> AdapterHelper.maybe_add_proxy(proxy)
  34     |> Keyword.merge(incoming_opts)
  35   end
  36
  37   defp add_scheme_opts(opts, %{scheme: "http"}), do: opts
  38
  39   defp add_scheme_opts(opts, %{scheme: "https"}) do
  40     opts
  41     |> Keyword.put(:certificates_verification, true)
  42     |> Keyword.put(:tls_opts,
  43       log_level: :warning,
  44       customize_hostname_check: [match_fun: &ssl_match_fun/2]
  45     )
  46   end
  47
  48   # ssl_match_fun is adapted from [Mint](https://github.com/elixir-mint/mint)
  49   # Copyright 2018 Eric Meadows-Jönsson and Andrea Leopardi
  50
  51   # Wildcard domain handling for DNS ID entries in the subjectAltName X.509
  52   # extension. Note that this is a subset of the wildcard patterns implemented
  53   # by OTP when matching against the subject CN attribute, but this is the only
  54   # wildcard usage defined by the CA/Browser Forum's Baseline Requirements, and
  55   # therefore the only pattern used in commercially issued certificates.
  56   defp ssl_match_fun({:dns_id, reference}, {:dNSName, [?*, ?. | presented]}) do
  57     case domain_without_host(reference) do
  58       '' ->
  59         :default
  60
  61       domain ->
  62         :string.casefold(domain) == :string.casefold(presented)
  63     end
  64   end
  65
  66   defp ssl_match_fun(_reference, _presented), do: :default
  67
  68   defp domain_without_host([]), do: []
  69   defp domain_without_host([?. | domain]), do: domain
  70   defp domain_without_host([_ | more]), do: domain_without_host(more)
  71
  72   @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()}
  73   def get_conn(uri, opts) do
  74     case ConnectionPool.get_conn(uri, opts) do
  75       {:ok, conn_pid} -> {:ok, Keyword.merge(opts, conn: conn_pid, close_conn: false)}
  76       err -> err
  77     end
  78   end
  79
  80   @prefix Pleroma.Gun.ConnectionPool
  81   def limiter_setup do
  82     wait = Pleroma.Config.get([:connections_pool, :connection_acquisition_wait])
  83     retries = Pleroma.Config.get([:connections_pool, :connection_acquisition_retries])
  84
  85     :pools
  86     |> Pleroma.Config.get([])
  87     |> Enum.each(fn {name, opts} ->
  88       max_running = Keyword.get(opts, :size, 50)
  89       max_waiting = Keyword.get(opts, :max_waiting, 10)
  90
  91       result =
  92         ConcurrentLimiter.new(:"#{@prefix}.#{name}", max_running, max_waiting,
  93           wait: wait,
  94           max_retries: retries
  95         )
  96
  97       case result do
  98         :ok -> :ok
  99         {:error, :existing} -> :ok
 100         e -> raise e
 101       end
 102     end)
 103
 104     :ok
 105   end
 106 end