Merge branch 'fix/reverse-proxy-body-too-large' into 'develop'

Reverse Proxy max_body_size is incorrect

See merge request pleroma/pleroma!1581
This commit is contained in:
lain 2019-08-19 17:05:30 +00:00
commit 10696ce2ee
3 changed files with 13 additions and 4 deletions

View file

@ -43,6 +43,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected. - Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
- Report email not being sent to admins when the reporter is a remote user - Report email not being sent to admins when the reporter is a remote user
- MRF: ensure that subdomain_match calls are case-insensitive - MRF: ensure that subdomain_match calls are case-insensitive
- Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances
- MRF: fix use of unserializable keyword lists in describe() implementations - MRF: fix use of unserializable keyword lists in describe() implementations
### Added ### Added

View file

@ -109,7 +109,11 @@ defmodule Pleroma.ReverseProxy do
end end
with {:ok, code, headers, client} <- request(method, url, req_headers, hackney_opts), with {:ok, code, headers, client} <- request(method, url, req_headers, hackney_opts),
:ok <- header_length_constraint(headers, Keyword.get(opts, :max_body_length)) do :ok <-
header_length_constraint(
headers,
Keyword.get(opts, :max_body_length, @max_body_length)
) do
response(conn, client, url, code, headers, opts) response(conn, client, url, code, headers, opts)
else else
{:ok, code, headers} -> {:ok, code, headers} ->
@ -200,7 +204,11 @@ defmodule Pleroma.ReverseProxy do
{:ok, data} <- client().stream_body(client), {:ok, data} <- client().stream_body(client),
{:ok, duration} <- increase_read_duration(duration), {:ok, duration} <- increase_read_duration(duration),
sent_so_far = sent_so_far + byte_size(data), sent_so_far = sent_so_far + byte_size(data),
:ok <- body_size_constraint(sent_so_far, Keyword.get(opts, :max_body_size)), :ok <-
body_size_constraint(
sent_so_far,
Keyword.get(opts, :max_body_length, @max_body_length)
),
{:ok, conn} <- chunk(conn, data) do {:ok, conn} <- chunk(conn, data) do
chunk_reply(conn, client, opts, sent_so_far, duration) chunk_reply(conn, client, opts, sent_so_far, duration)
else else

View file

@ -108,11 +108,11 @@ defmodule Pleroma.ReverseProxyTest do
end end
end end
test "max_body_size returns error if streaming body more than that option", %{conn: conn} do test "max_body_length returns error if streaming body more than that option", %{conn: conn} do
stream_mock(3, true) stream_mock(3, true)
assert capture_log(fn -> assert capture_log(fn ->
ReverseProxy.call(conn, "/stream-bytes/50", max_body_size: 30) ReverseProxy.call(conn, "/stream-bytes/50", max_body_length: 30)
end) =~ end) =~
"[warn] Elixir.Pleroma.ReverseProxy request to /stream-bytes/50 failed while reading/chunking: :body_too_large" "[warn] Elixir.Pleroma.ReverseProxy request to /stream-bytes/50 failed while reading/chunking: :body_too_large"
end end