mirror of
https://github.com/versia-pub/server.git
synced 2026-03-13 05:49:16 +01:00
fix(media): 🐛 Don't proxy media from trusted origins, use new ProxiedUrl class
Some checks failed
CodeQL Scan / Analyze (javascript-typescript) (push) Failing after 6s
Build Docker Images / lint (push) Failing after 10s
Build Docker Images / check (push) Failing after 11s
Build Docker Images / tests (push) Failing after 27s
Build Docker Images / build (server, Dockerfile, ${{ github.repository_owner }}/server) (push) Has been skipped
Build Docker Images / build (worker, Worker.Dockerfile, ${{ github.repository_owner }}/worker) (push) Has been skipped
Deploy Docs to GitHub Pages / build (push) Failing after 6s
Mirror to Codeberg / Mirror (push) Failing after 0s
Deploy Docs to GitHub Pages / Deploy (push) Has been skipped
Nix Build / check (push) Failing after 5s
Some checks failed
CodeQL Scan / Analyze (javascript-typescript) (push) Failing after 6s
Build Docker Images / lint (push) Failing after 10s
Build Docker Images / check (push) Failing after 11s
Build Docker Images / tests (push) Failing after 27s
Build Docker Images / build (server, Dockerfile, ${{ github.repository_owner }}/server) (push) Has been skipped
Build Docker Images / build (worker, Worker.Dockerfile, ${{ github.repository_owner }}/worker) (push) Has been skipped
Deploy Docs to GitHub Pages / build (push) Failing after 6s
Mirror to Codeberg / Mirror (push) Failing after 0s
Deploy Docs to GitHub Pages / Deploy (push) Has been skipped
Nix Build / check (push) Failing after 5s
This commit is contained in:
Jesse Wierzbinski
parent
411fcd8af5
commit
dc1ddb758d
14 changed files with 114 additions and 140 deletions
|
|
@ -64,7 +64,7 @@ describe("/api/v1/emojis", () => {
|
|||
|
||||
expect(ok).toBe(true);
|
||||
expect(data.shortcode).toBe("test1");
|
||||
expect(data.url).toContain("/media/proxy");
|
||||
expect(data.url).toContain("/media/");
|
||||
});
|
||||
|
||||
test("should try to upload a non-image", async () => {
|
||||
|
|
@ -116,7 +116,7 @@ describe("/api/v1/emojis", () => {
|
|||
|
||||
expect(ok).toBe(true);
|
||||
expect(data.shortcode).toBe("test4");
|
||||
expect(data.url).toContain("/media/proxy");
|
||||
expect(data.url).toContain("/media/");
|
||||
});
|
||||
|
||||
test("should fail when uploading an already existing global emoji", async () => {
|
||||
|
|
@ -141,7 +141,7 @@ describe("/api/v1/emojis", () => {
|
|||
|
||||
expect(ok).toBe(true);
|
||||
expect(data.shortcode).toBe("test4");
|
||||
expect(data.url).toContain("/media/proxy/");
|
||||
expect(data.url).toContain("/media/");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
import { apiRoute } from "@/api";
|
||||
import { proxyUrl } from "@/response";
|
||||
import { InstanceV1 as InstanceV1Schema } from "@versia/client/schemas";
|
||||
import { Instance, Note, User } from "@versia/kit/db";
|
||||
import { Users } from "@versia/kit/tables";
|
||||
|
|
@ -8,6 +7,7 @@ import { describeRoute } from "hono-openapi";
|
|||
import { resolver } from "hono-openapi/zod";
|
||||
import type { z } from "zod";
|
||||
import { markdownParse } from "~/classes/functions/status";
|
||||
import type { ProxiableUrl } from "~/classes/media/url";
|
||||
import { config } from "~/config.ts";
|
||||
import manifest from "~/package.json";
|
||||
|
||||
|
|
@ -56,7 +56,7 @@ export default apiRoute((app) =>
|
|||
providers?: {
|
||||
id: string;
|
||||
name: string;
|
||||
icon: string;
|
||||
icon?: ProxiableUrl;
|
||||
}[];
|
||||
}
|
||||
| undefined;
|
||||
|
|
@ -114,9 +114,7 @@ export default apiRoute((app) =>
|
|||
status_count: statusCount,
|
||||
user_count: userCount,
|
||||
},
|
||||
thumbnail: config.instance.branding.logo
|
||||
? proxyUrl(config.instance.branding.logo).toString()
|
||||
: null,
|
||||
thumbnail: config.instance.branding.logo?.proxied ?? null,
|
||||
title: config.instance.name,
|
||||
uri: config.http.base_url.host,
|
||||
urls: {
|
||||
|
|
@ -131,9 +129,7 @@ export default apiRoute((app) =>
|
|||
providers:
|
||||
oidcConfig?.providers?.map((p) => ({
|
||||
name: p.name,
|
||||
icon: p.icon
|
||||
? proxyUrl(new URL(p.icon)).toString()
|
||||
: undefined,
|
||||
icon: p.icon?.proxied,
|
||||
id: p.id,
|
||||
})) ?? [],
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
import { apiRoute } from "@/api";
|
||||
import { proxyUrl } from "@/response";
|
||||
import { Instance as InstanceSchema } from "@versia/client/schemas";
|
||||
import { User } from "@versia/kit/db";
|
||||
import { Users } from "@versia/kit/tables";
|
||||
import { and, eq, isNull } from "drizzle-orm";
|
||||
import { describeRoute } from "hono-openapi";
|
||||
import { resolver } from "hono-openapi/zod";
|
||||
import type { ProxiableUrl } from "~/classes/media/url";
|
||||
import { config } from "~/config.ts";
|
||||
import pkg from "~/package.json";
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ export default apiRoute((app) =>
|
|||
providers?: {
|
||||
id: string;
|
||||
name: string;
|
||||
icon: string;
|
||||
icon?: ProxiableUrl;
|
||||
}[];
|
||||
}
|
||||
| undefined;
|
||||
|
|
@ -69,14 +69,10 @@ export default apiRoute((app) =>
|
|||
mastodon: 1,
|
||||
},
|
||||
thumbnail: {
|
||||
url: config.instance.branding.logo
|
||||
? proxyUrl(config.instance.branding.logo).toString()
|
||||
: pkg.icon,
|
||||
url: config.instance.branding.logo?.proxied ?? pkg.icon,
|
||||
},
|
||||
banner: {
|
||||
url: config.instance.branding.banner
|
||||
? proxyUrl(config.instance.branding.banner).toString()
|
||||
: null,
|
||||
url: config.instance.branding.banner?.proxied ?? null,
|
||||
},
|
||||
icon: [],
|
||||
languages: config.instance.languages,
|
||||
|
|
@ -172,7 +168,7 @@ export default apiRoute((app) =>
|
|||
providers:
|
||||
oidcConfig?.providers?.map((p) => ({
|
||||
name: p.name,
|
||||
icon: p.icon ? proxyUrl(new URL(p.icon)) : "",
|
||||
icon: p.icon?.proxied,
|
||||
id: p.id,
|
||||
})) ?? [],
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue