Fix support for HTTP proxies (#11245)
* Disable incorrect check for hidden services in Socket Hidden services can only be accessed with an HTTP proxy, in which case the host seen by the Socket class will be the proxy, not the target host. Hidden services are already filtered in `Request#initialize`. * Use our Socket class to connect to HTTP proxies Avoid the timeout logic being bypassed * Add support for IP addresses in Request::Socket * Refactor a bit, no need to keep the DNS resolver aroundremotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
parent
7039dca12c
commit
a0b614f10a
|
@ -30,7 +30,8 @@ class Request
|
|||
@verb = verb
|
||||
@url = Addressable::URI.parse(url).normalize
|
||||
@http_client = options.delete(:http_client)
|
||||
@options = options.merge(use_proxy? ? Rails.configuration.x.http_client_proxy : { socket_class: Socket })
|
||||
@options = options.merge(socket_class: use_proxy? ? ProxySocket : Socket)
|
||||
@options = @options.merge(Rails.configuration.x.http_client_proxy) if use_proxy?
|
||||
@headers = {}
|
||||
|
||||
raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if block_hidden_service?
|
||||
|
@ -177,19 +178,22 @@ class Request
|
|||
class Socket < TCPSocket
|
||||
class << self
|
||||
def open(host, *args)
|
||||
return super(host, *args) if thru_hidden_service?(host)
|
||||
|
||||
outer_e = nil
|
||||
port = args.first
|
||||
|
||||
addresses = []
|
||||
begin
|
||||
addresses = [IPAddr.new(host)]
|
||||
rescue IPAddr::InvalidAddressError
|
||||
Resolv::DNS.open do |dns|
|
||||
dns.timeouts = 5
|
||||
|
||||
addresses = dns.getaddresses(host).take(2)
|
||||
end
|
||||
end
|
||||
|
||||
addresses.each do |address|
|
||||
begin
|
||||
raise Mastodon::HostValidationError if PrivateAddressCheck.private_address?(IPAddr.new(address.to_s))
|
||||
check_private_address(address)
|
||||
|
||||
sock = ::Socket.new(address.is_a?(Resolv::IPv6) ? ::Socket::AF_INET6 : ::Socket::AF_INET, ::Socket::SOCK_STREAM, 0)
|
||||
sockaddr = ::Socket.pack_sockaddr_in(port, address.to_s)
|
||||
|
@ -219,7 +223,6 @@ class Request
|
|||
outer_e = e
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
if outer_e
|
||||
raise outer_e
|
||||
|
@ -230,11 +233,21 @@ class Request
|
|||
|
||||
alias new open
|
||||
|
||||
def thru_hidden_service?(host)
|
||||
Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match(host)
|
||||
def check_private_address(address)
|
||||
raise Mastodon::HostValidationError if PrivateAddressCheck.private_address?(IPAddr.new(address.to_s))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private_constant :ClientLimit, :Socket
|
||||
class ProxySocket < Socket
|
||||
class << self
|
||||
def check_private_address(_address)
|
||||
# Accept connections to private addresses as HTTP proxies will usually
|
||||
# be on local addresses
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private_constant :ClientLimit, :Socket, :ProxySocket
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue