git.squeep.com Git - akkoma/blob - test/web/media_proxy/media_proxy_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MediaProxyTest do
   6   use ExUnit.Case
   7   use Pleroma.Tests.Helpers
   8   import Pleroma.Web.MediaProxy
   9   alias Pleroma.Web.MediaProxy.MediaProxyController
  10
  11   clear_config([:media_proxy, :enabled])
  12
  13   describe "when enabled" do
  14     setup do
  15       Pleroma.Config.put([:media_proxy, :enabled], true)
  16       :ok
  17     end
  18
  19     test "ignores invalid url" do
  20       assert url(nil) == nil
  21       assert url("") == nil
  22     end
  23
  24     test "ignores relative url" do
  25       assert url("/local") == "/local"
  26       assert url("/") == "/"
  27     end
  28
  29     test "ignores local url" do
  30       local_url = Pleroma.Web.Endpoint.url() <> "/hello"
  31       local_root = Pleroma.Web.Endpoint.url()
  32       assert url(local_url) == local_url
  33       assert url(local_root) == local_root
  34     end
  35
  36     test "encodes and decodes URL" do
  37       url = "https://pleroma.soykaf.com/static/logo.png"
  38       encoded = url(url)
  39
  40       assert String.starts_with?(
  41                encoded,
  42                Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url())
  43              )
  44
  45       assert String.ends_with?(encoded, "/logo.png")
  46
  47       assert decode_result(encoded) == url
  48     end
  49
  50     test "encodes and decodes URL without a path" do
  51       url = "https://pleroma.soykaf.com"
  52       encoded = url(url)
  53       assert decode_result(encoded) == url
  54     end
  55
  56     test "encodes and decodes URL without an extension" do
  57       url = "https://pleroma.soykaf.com/path/"
  58       encoded = url(url)
  59       assert String.ends_with?(encoded, "/path")
  60       assert decode_result(encoded) == url
  61     end
  62
  63     test "encodes and decodes URL and ignores query params for the path" do
  64       url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true"
  65       encoded = url(url)
  66       assert String.ends_with?(encoded, "/logo.png")
  67       assert decode_result(encoded) == url
  68     end
  69
  70     test "validates signature" do
  71       secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
  72
  73       on_exit(fn ->
  74         Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base)
  75       end)
  76
  77       encoded = url("https://pleroma.social")
  78
  79       Pleroma.Config.put(
  80         [Pleroma.Web.Endpoint, :secret_key_base],
  81         "00000000000000000000000000000000000000000000000"
  82       )
  83
  84       [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
  85       assert decode_url(sig, base64) == {:error, :invalid_signature}
  86     end
  87
  88     test "filename_matches preserves the encoded or decoded path" do
  89       assert MediaProxyController.filename_matches(
  90                %{"filename" => "/Hello world.jpg"},
  91                "/Hello world.jpg",
  92                "http://pleroma.social/Hello world.jpg"
  93              ) == :ok
  94
  95       assert MediaProxyController.filename_matches(
  96                %{"filename" => "/Hello%20world.jpg"},
  97                "/Hello%20world.jpg",
  98                "http://pleroma.social/Hello%20world.jpg"
  99              ) == :ok
 100
 101       assert MediaProxyController.filename_matches(
 102                %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"},
 103                "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg",
 104                "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
 105              ) == :ok
 106
 107       assert MediaProxyController.filename_matches(
 108                %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"},
 109                "/my%2Flong%2Furl%2F2019%2F07%2FS.jp",
 110                "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
 111              ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}
 112     end
 113
 114     test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do
 115       # conn.request_path will return encoded url
 116       request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg"
 117
 118       assert MediaProxyController.filename_matches(
 119                true,
 120                request_path,
 121                "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg"
 122              ) == :ok
 123     end
 124
 125     test "uses the configured base_url" do
 126       base_url = Pleroma.Config.get([:media_proxy, :base_url])
 127
 128       if base_url do
 129         on_exit(fn ->
 130           Pleroma.Config.put([:media_proxy, :base_url], base_url)
 131         end)
 132       end
 133
 134       Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
 135
 136       url = "https://pleroma.soykaf.com/static/logo.png"
 137       encoded = url(url)
 138
 139       assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url]))
 140     end
 141
 142     # Some sites expect ASCII encoded characters in the URL to be preserved even if
 143     # unnecessary.
 144     # Issues: https://git.pleroma.social/pleroma/pleroma/issues/580
 145     #         https://git.pleroma.social/pleroma/pleroma/issues/1055
 146     test "preserve ASCII encoding" do
 147       url =
 148         "https://pleroma.com/%20/%21/%22/%23/%24/%25/%26/%27/%28/%29/%2A/%2B/%2C/%2D/%2E/%2F/%30/%31/%32/%33/%34/%35/%36/%37/%38/%39/%3A/%3B/%3C/%3D/%3E/%3F/%40/%41/%42/%43/%44/%45/%46/%47/%48/%49/%4A/%4B/%4C/%4D/%4E/%4F/%50/%51/%52/%53/%54/%55/%56/%57/%58/%59/%5A/%5B/%5C/%5D/%5E/%5F/%60/%61/%62/%63/%64/%65/%66/%67/%68/%69/%6A/%6B/%6C/%6D/%6E/%6F/%70/%71/%72/%73/%74/%75/%76/%77/%78/%79/%7A/%7B/%7C/%7D/%7E/%7F/%80/%81/%82/%83/%84/%85/%86/%87/%88/%89/%8A/%8B/%8C/%8D/%8E/%8F/%90/%91/%92/%93/%94/%95/%96/%97/%98/%99/%9A/%9B/%9C/%9D/%9E/%9F/%C2%A0/%A1/%A2/%A3/%A4/%A5/%A6/%A7/%A8/%A9/%AA/%AB/%AC/%C2%AD/%AE/%AF/%B0/%B1/%B2/%B3/%B4/%B5/%B6/%B7/%B8/%B9/%BA/%BB/%BC/%BD/%BE/%BF/%C0/%C1/%C2/%C3/%C4/%C5/%C6/%C7/%C8/%C9/%CA/%CB/%CC/%CD/%CE/%CF/%D0/%D1/%D2/%D3/%D4/%D5/%D6/%D7/%D8/%D9/%DA/%DB/%DC/%DD/%DE/%DF/%E0/%E1/%E2/%E3/%E4/%E5/%E6/%E7/%E8/%E9/%EA/%EB/%EC/%ED/%EE/%EF/%F0/%F1/%F2/%F3/%F4/%F5/%F6/%F7/%F8/%F9/%FA/%FB/%FC/%FD/%FE/%FF"
 149
 150       encoded = url(url)
 151       assert decode_result(encoded) == url
 152     end
 153
 154     # This includes unsafe/reserved characters which are not interpreted as part of the URL
 155     # and would otherwise have to be ASCII encoded. It is our role to ensure the proxied URL
 156     # is unmodified, so we are testing these characters anyway.
 157     test "preserve non-unicode characters per RFC3986" do
 158       url =
 159         "https://pleroma.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-._~:/?#[]@!$&'()*+,;=|^`{}"
 160
 161       encoded = url(url)
 162       assert decode_result(encoded) == url
 163     end
 164
 165     test "preserve unicode characters" do
 166       url = "https://ko.wikipedia.org/wiki/위키백과:대문"
 167
 168       encoded = url(url)
 169       assert decode_result(encoded) == url
 170     end
 171   end
 172
 173   describe "when disabled" do
 174     setup do
 175       enabled = Pleroma.Config.get([:media_proxy, :enabled])
 176
 177       if enabled do
 178         Pleroma.Config.put([:media_proxy, :enabled], false)
 179
 180         on_exit(fn ->
 181           Pleroma.Config.put([:media_proxy, :enabled], enabled)
 182           :ok
 183         end)
 184       end
 185
 186       :ok
 187     end
 188
 189     test "does not encode remote urls" do
 190       assert url("https://google.fr") == "https://google.fr"
 191     end
 192   end
 193
 194   defp decode_result(encoded) do
 195     [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
 196     {:ok, decoded} = decode_url(sig, base64)
 197     decoded
 198   end
 199
 200   describe "whitelist" do
 201     setup do
 202       Pleroma.Config.put([:media_proxy, :enabled], true)
 203       :ok
 204     end
 205
 206     test "mediaproxy whitelist" do
 207       Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
 208       url = "https://feld.me/foo.png"
 209
 210       unencoded = url(url)
 211       assert unencoded == url
 212     end
 213
 214     test "does not change whitelisted urls" do
 215       Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
 216       Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
 217
 218       media_url = "https://mycdn.akamai.com"
 219
 220       url = "#{media_url}/static/logo.png"
 221       encoded = url(url)
 222
 223       assert String.starts_with?(encoded, media_url)
 224     end
 225
 226     test "ensure Pleroma.Upload base_url is always whitelisted" do
 227       upload_config = Pleroma.Config.get([Pleroma.Upload])
 228       media_url = "https://media.pleroma.social"
 229       Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
 230
 231       url = "#{media_url}/static/logo.png"
 232       encoded = url(url)
 233
 234       assert String.starts_with?(encoded, media_url)
 235
 236       Pleroma.Config.put([Pleroma.Upload], upload_config)
 237     end
 238   end
 239 end