Allow setting a custom HTTP method in CacheBuster (#26528)

Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com>
2023-08-18 08:18:40 +02:00 · 2023-08-18 08:18:40 +02:00 · b95867ad1f
parent b5acf13886
commit b95867ad1f
6 changed files with 81 additions and 6 deletions
--- a/app/lib/cache_buster.rb
+++ b/app/lib/cache_buster.rb
@ -2,8 +2,14 @@

 class CacheBuster
  def initialize(options = {})
-    @secret_header = options[:secret_header] || 'Secret-Header'
-    @secret        = options[:secret] || 'True'
+    ActiveSupport::Deprecation.warn('Default values for the cache buster secret header name and values will be removed in Mastodon 4.3. Please set them explicitely if you rely on those.') unless options[:http_method] || (options[:secret] && options[:secret_header])
+
+    @secret_header = options[:secret_header] ||
+                     (options[:http_method] ? nil : 'Secret-Header')
+    @secret = options[:secret] ||
+              (options[:http_method] ? nil : 'True')
+
+    @http_method = options[:http_method] || 'GET'
  end

  def bust(url)
@ -21,8 +27,9 @@ class CacheBuster
  end

  def build_request(url, http_client)
-    Request.new(:get, url, http_client: http_client).tap do |request|
-      request.add_headers(@secret_header => @secret)
-    end
+    request = Request.new(@http_method.downcase.to_sym, url, http_client: http_client)
+    request.add_headers(@secret_header => @secret) if @secret_header.present? && @secret && !@secret.empty?
+
+    request
  end
 end
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@ -117,7 +117,7 @@ class Request

  def perform
    begin
-      response = http_client.public_send(@verb, @url.to_s, @options.merge(headers: headers))
+      response = http_client.request(@verb, @url.to_s, @options.merge(headers: headers))
    rescue => e
      raise e.class, "#{e.message} on #{@url}", e.backtrace[0]
    end
--- a/config/application.rb
+++ b/config/application.rb
@ -51,6 +51,7 @@ require_relative '../lib/rails/engine_extensions'
 require_relative '../lib/active_record/database_tasks_extensions'
 require_relative '../lib/active_record/batches'
 require_relative '../lib/simple_navigation/item_extensions'
+require_relative '../lib/http_extensions'

 Dotenv::Railtie.load

--- a/config/initializers/cache_buster.rb
+++ b/config/initializers/cache_buster.rb
@ -6,5 +6,6 @@ Rails.application.configure do
  config.x.cache_buster = {
    secret_header: ENV['CACHE_BUSTER_SECRET_HEADER'],
    secret: ENV['CACHE_BUSTER_SECRET'],
+    http_method: ENV['CACHE_BUSTER_HTTP_METHOD'] || 'GET',
  }
 end
--- a/lib/http_extensions.rb
+++ b/lib/http_extensions.rb
@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Monkey patching until https://github.com/httprb/http/pull/757 is merged
+unless HTTP::Request::METHODS.include?(:purge)
+  module HTTP
+    class Request
+      METHODS = METHODS.dup.push(:purge).freeze
+    end
+  end
+end
--- a/spec/lib/cache_buster_spec.rb
+++ b/spec/lib/cache_buster_spec.rb
@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe CacheBuster do
+  subject { described_class.new(secret_header: secret_header, secret: secret, http_method: http_method) }
+
+  let(:secret_header) { nil }
+  let(:secret) { nil }
+  let(:http_method) { nil }
+
+  let(:purge_url) { 'https://example.com/test_purge' }
+
+  describe '#bust' do
+    shared_examples 'makes_request' do
+      it 'makes an HTTP purging request' do
+        method = http_method&.to_sym || :get
+        stub_request(method, purge_url).to_return(status: 200)
+
+        subject.bust(purge_url)
+
+        test_request = a_request(method, purge_url)
+
+        test_request = test_request.with(headers: { secret_header => secret }) if secret && secret_header
+
+        expect(test_request).to have_been_made.once
+      end
+    end
+
+    context 'when using default options' do
+      include_examples 'makes_request'
+    end
+
+    context 'when specifying a secret header' do
+      let(:secret_header) { 'X-Purge-Secret' }
+      let(:secret) { SecureRandom.hex(20) }
+
+      include_examples 'makes_request'
+    end
+
+    context 'when specifying a PURGE method' do
+      let(:http_method) { 'purge' }
+
+      context 'when not using headers' do
+        include_examples 'makes_request'
+      end
+
+      context 'when specifying a secret header' do
+        let(:secret_header) { 'X-Purge-Secret' }
+        let(:secret) { SecureRandom.hex(20) }
+
+        include_examples 'makes_request'
+      end
+    end
+  end
+end