cherry-pick security from upstream

[akkoma] / lib / pleroma / web / plugs / cache.ex

diff --git a/lib/pleroma/web/plugs/cache.ex b/lib/pleroma/web/plugs/cache.ex
index 6de01804afd71623ee6b1e8dbd8f603ee1d39f93..935b2d83464fb5f2514c92803a81193d1bf66ba8 100644 (file)
--- a/lib/pleroma/web/plugs/cache.ex
+++ b/lib/pleroma/web/plugs/cache.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.Plugs.Cache do
@@ -41,6 +41,8 @@ defmodule Pleroma.Web.Plugs.Cache do
 
   @defaults %{ttl: nil, query_params: true}
 
+  @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
+
   @impl true
   def init([]), do: @defaults
 
@@ -53,7 +55,7 @@ defmodule Pleroma.Web.Plugs.Cache do
   def call(%{method: "GET"} = conn, opts) do
     key = cache_key(conn, opts)
 
-    case Cachex.get(:web_resp_cache, key) do
+    case @cachex.get(:web_resp_cache, key) do
       {:ok, nil} ->
         cache_resp(conn, opts)
 
@@ -95,13 +97,21 @@ defmodule Pleroma.Web.Plugs.Cache do
         key = cache_key(conn, opts)
         content_type = content_type(conn)
 
+        should_cache = not Map.get(conn.assigns, :skip_cache, false)
+
         conn =
           unless opts[:tracking_fun] do
-            Cachex.put(:web_resp_cache, key, {content_type, body}, ttl: ttl)
+            if should_cache do
+              @cachex.put(:web_resp_cache, key, {content_type, body}, ttl: ttl)
+            end
+
             conn
           else
             tracking_fun_data = Map.get(conn.assigns, :tracking_fun_data, nil)
-            Cachex.put(:web_resp_cache, key, {content_type, body, tracking_fun_data}, ttl: ttl)
+
+            if should_cache do
+              @cachex.put(:web_resp_cache, key, {content_type, body, tracking_fun_data}, ttl: ttl)
+            end
 
             opts.tracking_fun.(conn, tracking_fun_data)
           end