From f4a6879cafd47b86875ed6df9693e47572c90710 Mon Sep 17 00:00:00 2001 From: Renaud Chaput Date: Fri, 18 Aug 2023 08:18:40 +0200 Subject: [PATCH] Allow setting a custom HTTP method in CacheBuster (#26528) Co-authored-by: Jorijn Schrijvershof --- app/lib/cache_buster.rb | 17 ++++++--- app/lib/request.rb | 2 +- config/application.rb | 1 + config/initializers/cache_buster.rb | 1 + lib/http_extensions.rb | 10 ++++++ spec/lib/cache_buster_spec.rb | 56 +++++++++++++++++++++++++++++ 6 files changed, 81 insertions(+), 6 deletions(-) create mode 100644 lib/http_extensions.rb create mode 100644 spec/lib/cache_buster_spec.rb diff --git a/app/lib/cache_buster.rb b/app/lib/cache_buster.rb index 035611518e..c54b0da1a1 100644 --- a/app/lib/cache_buster.rb +++ b/app/lib/cache_buster.rb @@ -2,8 +2,14 @@ class CacheBuster def initialize(options = {}) - @secret_header = options[:secret_header] || 'Secret-Header' - @secret = options[:secret] || 'True' + ActiveSupport::Deprecation.warn('Default values for the cache buster secret header name and values will be removed in Mastodon 4.3. Please set them explicitely if you rely on those.') unless options[:http_method] || (options[:secret] && options[:secret_header]) + + @secret_header = options[:secret_header] || + (options[:http_method] ? nil : 'Secret-Header') + @secret = options[:secret] || + (options[:http_method] ? nil : 'True') + + @http_method = options[:http_method] || 'GET' end def bust(url) @@ -21,8 +27,9 @@ class CacheBuster end def build_request(url, http_client) - Request.new(:get, url, http_client: http_client).tap do |request| - request.add_headers(@secret_header => @secret) - end + request = Request.new(@http_method.downcase.to_sym, url, http_client: http_client) + request.add_headers(@secret_header => @secret) if @secret_header.present? && @secret && !@secret.empty? + + request end end diff --git a/app/lib/request.rb b/app/lib/request.rb index e5a9476a8e..fa0e3472f6 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb @@ -117,7 +117,7 @@ class Request def perform begin - response = http_client.public_send(@verb, @url.to_s, @options.merge(headers: headers)) + response = http_client.request(@verb, @url.to_s, @options.merge(headers: headers)) rescue => e raise e.class, "#{e.message} on #{@url}", e.backtrace[0] end diff --git a/config/application.rb b/config/application.rb index 372adc1680..2a62c37e8b 100644 --- a/config/application.rb +++ b/config/application.rb @@ -51,6 +51,7 @@ require_relative '../lib/rails/engine_extensions' require_relative '../lib/active_record/database_tasks_extensions' require_relative '../lib/active_record/batches' require_relative '../lib/simple_navigation/item_extensions' +require_relative '../lib/http_extensions' Dotenv::Railtie.load diff --git a/config/initializers/cache_buster.rb b/config/initializers/cache_buster.rb index 227e450f35..a49fba671b 100644 --- a/config/initializers/cache_buster.rb +++ b/config/initializers/cache_buster.rb @@ -6,5 +6,6 @@ Rails.application.configure do config.x.cache_buster = { secret_header: ENV['CACHE_BUSTER_SECRET_HEADER'], secret: ENV['CACHE_BUSTER_SECRET'], + http_method: ENV['CACHE_BUSTER_HTTP_METHOD'] || 'GET', } end diff --git a/lib/http_extensions.rb b/lib/http_extensions.rb new file mode 100644 index 0000000000..2bc0618c4c --- /dev/null +++ b/lib/http_extensions.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +# Monkey patching until https://github.com/httprb/http/pull/757 is merged +unless HTTP::Request::METHODS.include?(:purge) + module HTTP + class Request + METHODS = METHODS.dup.push(:purge).freeze + end + end +end diff --git a/spec/lib/cache_buster_spec.rb b/spec/lib/cache_buster_spec.rb new file mode 100644 index 0000000000..84085608e8 --- /dev/null +++ b/spec/lib/cache_buster_spec.rb @@ -0,0 +1,56 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe CacheBuster do + subject { described_class.new(secret_header: secret_header, secret: secret, http_method: http_method) } + + let(:secret_header) { nil } + let(:secret) { nil } + let(:http_method) { nil } + + let(:purge_url) { 'https://example.com/test_purge' } + + describe '#bust' do + shared_examples 'makes_request' do + it 'makes an HTTP purging request' do + method = http_method&.to_sym || :get + stub_request(method, purge_url).to_return(status: 200) + + subject.bust(purge_url) + + test_request = a_request(method, purge_url) + + test_request = test_request.with(headers: { secret_header => secret }) if secret && secret_header + + expect(test_request).to have_been_made.once + end + end + + context 'when using default options' do + include_examples 'makes_request' + end + + context 'when specifying a secret header' do + let(:secret_header) { 'X-Purge-Secret' } + let(:secret) { SecureRandom.hex(20) } + + include_examples 'makes_request' + end + + context 'when specifying a PURGE method' do + let(:http_method) { 'purge' } + + context 'when not using headers' do + include_examples 'makes_request' + end + + context 'when specifying a secret header' do + let(:secret_header) { 'X-Purge-Secret' } + let(:secret) { SecureRandom.hex(20) } + + include_examples 'makes_request' + end + end + end +end