Update stoplight to version 4.1.0 (#28366)

main-rebase-security-fix
Matt Jankowski 2024-04-02 11:47:40 -04:00 committed by GitHub
parent 921c4c1273
commit edde54e991
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 30 additions and 33 deletions


@ -88,7 +88,7 @@ gem 'sidekiq-unique-jobs', '~> 7.1'
gem 'sidekiq-bulk', '~> 0.2.0' gem 'sidekiq-bulk', '~> 0.2.0'
gem 'simple-navigation', '~> 4.4' gem 'simple-navigation', '~> 4.4'
gem 'simple_form', '~> 5.2' gem 'simple_form', '~> 5.2'
gem 'stoplight', '~> 3.0.1' gem 'stoplight', '~> 4.1'
gem 'strong_migrations', '1.8.0' gem 'strong_migrations', '1.8.0'
gem 'tty-prompt', '~> 0.23', require: false gem 'tty-prompt', '~> 0.23', require: false
gem 'twitter-text', '~> 3.1.0' gem 'twitter-text', '~> 3.1.0'


@ -732,7 +732,7 @@ GEM
smart_properties (1.17.0) smart_properties (1.17.0)
stackprof (0.2.26) stackprof (0.2.26)
statsd-ruby (1.5.0) statsd-ruby (1.5.0)
stoplight (3.0.2) stoplight (4.1.0)
redlock (~> 1.0) redlock (~> 1.0)
stringio (3.1.0) stringio (3.1.0)
strong_migrations (1.8.0) strong_migrations (1.8.0)
@ -939,7 +939,7 @@ DEPENDENCIES
simplecov (~> 0.22) simplecov (~> 0.22)
simplecov-lcov (~> 0.8) simplecov-lcov (~> 0.8)
stackprof stackprof
stoplight (~> 3.0.1) stoplight (~> 4.1)
strong_migrations (= 1.8.0) strong_migrations (= 1.8.0)
test-prof test-prof
thor (~> 1.2) thor (~> 1.2)


@ -66,7 +66,7 @@ module SignatureVerification
compare_signed_string = build_signed_string(include_query_string: false) compare_signed_string = build_signed_string(include_query_string: false)
return actor unless verify_signature(actor, signature, compare_signed_string).nil? return actor unless verify_signature(actor, signature, compare_signed_string).nil?
actor = stoplight_wrap_request { actor_refresh_key!(actor) } actor = stoplight_wrapper.run { actor_refresh_key!(actor) }
raise SignatureVerificationError, "Could not refresh public key #{signature_params['keyId']}" if actor.nil? raise SignatureVerificationError, "Could not refresh public key #{signature_params['keyId']}" if actor.nil?
@ -226,10 +226,10 @@ module SignatureVerification
end end
if key_id.start_with?('acct:') if key_id.start_with?('acct:')
stoplight_wrap_request { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) } stoplight_wrapper.run { ResolveAccountService.new.call(key_id.delete_prefix('acct:'), suppress_errors: false) }
elsif !ActivityPub::TagManager.instance.local_uri?(key_id) elsif !ActivityPub::TagManager.instance.local_uri?(key_id)
account = ActivityPub::TagManager.instance.uri_to_actor(key_id) account = ActivityPub::TagManager.instance.uri_to_actor(key_id)
account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) } account ||= stoplight_wrapper.run { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) }
account account
end end
rescue Mastodon::PrivateNetworkAddressError => e rescue Mastodon::PrivateNetworkAddressError => e
@ -238,12 +238,11 @@ module SignatureVerification
raise SignatureVerificationError, e.message raise SignatureVerificationError, e.message
end end
def stoplight_wrap_request(&block) def stoplight_wrapper
Stoplight("source:#{request.remote_ip}", &block) Stoplight("source:#{request.remote_ip}")
.with_threshold(1) .with_threshold(1)
.with_cool_off_time(5.minutes.seconds) .with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) } .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
.run
end end
def actor_refresh_key!(actor) def actor_refresh_key!(actor)
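Review bot: `stoplight_wrapper` sets no `with_fallback`, so once the light for `source:#{request.remote_ip}` is red, each of the three `stoplight_wrapper.run { ... }` call sites raises `Stoplight::Error::RedLight` instead of returning an actor. The only rescue visible in this section is for `Mastodon::PrivateNetworkAddressError`, and the enclosing methods start and end outside the hunks. It is worth confirming that the red-light error is translated into `SignatureVerificationError` like the other fetch failures, rather than surfacing as an unhandled exception. Because `with_threshold(1)` opens the breaker on a single `HTTP::Error` or `OpenSSL::SSL::SSLError`, the method also deserves a comment such as `# One failed key fetch blocks further fetches for this remote IP for 5 minutes; a red light raises from run.`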


@ -10,7 +10,7 @@ class BulkImportRowService
when :following, :blocking, :muting, :lists when :following, :blocking, :muting, :lists
target_acct = @data['acct'] target_acct = @data['acct']
target_domain = domain(target_acct) target_domain = domain(target_acct)
@target_account = stoplight_wrap_request(target_domain) { ResolveAccountService.new.call(target_acct, { check_delivery_availability: true }) } @target_account = stoplight_wrapper(target_domain).run { ResolveAccountService.new.call(target_acct, { check_delivery_availability: true }) }
return false if @target_account.nil? return false if @target_account.nil?
when :bookmarks when :bookmarks
target_uri = @data['uri'] target_uri = @data['uri']
@ -18,7 +18,7 @@ class BulkImportRowService
@target_status = ActivityPub::TagManager.instance.uri_to_resource(target_uri, Status) @target_status = ActivityPub::TagManager.instance.uri_to_resource(target_uri, Status)
return false if @target_status.nil? && ActivityPub::TagManager.instance.local_uri?(target_uri) return false if @target_status.nil? && ActivityPub::TagManager.instance.local_uri?(target_uri)
@target_status ||= stoplight_wrap_request(target_domain) { ActivityPub::FetchRemoteStatusService.new.call(target_uri) } @target_status ||= stoplight_wrapper(target_domain).run { ActivityPub::FetchRemoteStatusService.new.call(target_uri) }
return false if @target_status.nil? return false if @target_status.nil?
end end
@ -51,16 +51,15 @@ class BulkImportRowService
TagManager.instance.local_domain?(domain) ? nil : TagManager.instance.normalize_domain(domain) TagManager.instance.local_domain?(domain) ? nil : TagManager.instance.normalize_domain(domain)
end end
def stoplight_wrap_request(domain, &block) def stoplight_wrapper(domain)
if domain.present? if domain.present?
Stoplight("source:#{domain}", &block) Stoplight("source:#{domain}")
.with_fallback { nil } .with_fallback { nil }
.with_threshold(1) .with_threshold(1)
.with_cool_off_time(5.minutes.seconds) .with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) } .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
.run
else else
yield Stoplight('domain-blank')
end end
end end
end end
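Review bot: The `else` branch of `stoplight_wrapper` used to `yield` the block directly and now returns `Stoplight('domain-blank')`, so every lookup with a blank domain (the `domain` helper above returns `nil` for local domains) runs through one shared light. That light has the library's default threshold, cool-off and error handling, and no fallback. An error raised by one such lookup is now counted against the shared light, and once it turns red the other blank-domain rows get a red-light error from `run` rather than executing their block. If the old pass-through is meant to be kept, the branch could opt out of tracking with `Stoplight('domain-blank').with_error_handler { |error, _handle| raise error }`, or at least carry a comment saying the shared light is intended. The same branch is added in `Import::RelationshipWorker#stoplight_wrapper`.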


@ -59,7 +59,7 @@ class ActivityPub::DeliveryWorker
end end
def perform_request def perform_request
light = Stoplight(@inbox_url) do stoplight_wrapper.run do
request_pool.with(@host) do |http_client| request_pool.with(@host) do |http_client|
build_request(http_client).perform do |response| build_request(http_client).perform do |response|
raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response) raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response)
@ -68,10 +68,12 @@ class ActivityPub::DeliveryWorker
end end
end end
end end
end
light.with_threshold(STOPLIGHT_FAILURE_THRESHOLD) def stoplight_wrapper
.with_cool_off_time(STOPLIGHT_COOLDOWN) Stoplight(@inbox_url)
.run .with_threshold(STOPLIGHT_FAILURE_THRESHOLD)
.with_cool_off_time(STOPLIGHT_COOLDOWN)
end end
def failure_tracker def failure_tracker
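Review bot: The extracted `stoplight_wrapper` has no comment saying what the breaker is keyed on or what a caller of `perform_request` sees when it is open. The light is named after `@inbox_url` and no fallback is configured, so a red light raises from `run`. How that error is handled is not visible here, because `perform_request`'s callers are outside the hunks. I would add above the method something like `# Circuit breaker per inbox URL; no fallback, so an open breaker raises Stoplight::Error::RedLight to the caller.`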


@ -11,7 +11,7 @@ class Import::RelationshipWorker
def perform(account_id, target_account_uri, relationship, options) def perform(account_id, target_account_uri, relationship, options)
from_account = Account.find(account_id) from_account = Account.find(account_id)
target_domain = domain(target_account_uri) target_domain = domain(target_account_uri)
target_account = stoplight_wrap_request(target_domain) { ResolveAccountService.new.call(target_account_uri, { check_delivery_availability: true }) } target_account = stoplight_wrapper(target_domain).run { ResolveAccountService.new.call(target_account_uri, { check_delivery_availability: true }) }
options.symbolize_keys! options.symbolize_keys!
return if target_account.nil? return if target_account.nil?
@ -43,16 +43,15 @@ class Import::RelationshipWorker
TagManager.instance.local_domain?(domain) ? nil : TagManager.instance.normalize_domain(domain) TagManager.instance.local_domain?(domain) ? nil : TagManager.instance.normalize_domain(domain)
end end
def stoplight_wrap_request(domain, &block) def stoplight_wrapper(domain)
if domain.present? if domain.present?
Stoplight("source:#{domain}", &block) Stoplight("source:#{domain}")
.with_fallback { nil } .with_fallback { nil }
.with_threshold(1) .with_threshold(1)
.with_cool_off_time(5.minutes.seconds) .with_cool_off_time(5.minutes.seconds)
.with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) } .with_error_handler { |error, handle| error.is_a?(HTTP::Error) || error.is_a?(OpenSSL::SSL::SSLError) ? handle.call(error) : raise(error) }
.run
else else
yield Stoplight('domain-blank')
end end
end end
end end


@ -3,6 +3,6 @@
require 'stoplight' require 'stoplight'
Rails.application.reloader.to_prepare do Rails.application.reloader.to_prepare do
Stoplight::Light.default_data_store = Stoplight::DataStore::Redis.new(RedisConfiguration.new.connection) Stoplight.default_data_store = Stoplight::DataStore::Redis.new(RedisConfiguration.new.connection)
Stoplight::Light.default_notifiers = [Stoplight::Notifier::Logger.new(Rails.logger)] Stoplight.default_notifiers = [Stoplight::Notifier::Logger.new(Rails.logger)]
end end


@ -84,13 +84,11 @@ module Paperclip
# Don't go through Stoplight if we don't have anything object-storage-oriented to do # Don't go through Stoplight if we don't have anything object-storage-oriented to do
return super if @queued_for_delete.empty? && @queued_for_write.empty? && !dirty? return super if @queued_for_delete.empty? && @queued_for_write.empty? && !dirty?
Stoplight('object-storage') { super }.with_threshold(STOPLIGHT_THRESHOLD).with_cool_off_time(STOPLIGHT_COOLDOWN).with_error_handler do |error, handle| Stoplight('object-storage')
if error.is_a?(Seahorse::Client::NetworkingError) .with_threshold(STOPLIGHT_THRESHOLD)
handle.call(error) .with_cool_off_time(STOPLIGHT_COOLDOWN)
else .with_error_handler { |error, handle| error.is_a?(Seahorse::Client::NetworkingError) ? handle.call(error) : raise(error) }
raise error .run { super }
end
end.run
end end
end end
end end