Merge branch 'bugfix/tesla-safety' into 'develop'

tesla hardening

Closes #712 and #672

See merge request pleroma/pleroma!912
This commit is contained in:
kaniini 2019-03-08 23:02:55 +00:00
commit 5075e8abe5
5 changed files with 28 additions and 26 deletions

View File

@ -8,8 +8,8 @@ defmodule Pleroma.HTTP.Connection do
"""
@hackney_options [
timeout: 10000,
recv_timeout: 20000,
connect_timeout: 2_000,
recv_timeout: 20_000,
follow_redirect: true,
pool: :federation
]
@ -31,6 +31,10 @@ def new(opts \\ []) do
#
defp hackney_options(opts) do
options = Keyword.get(opts, :adapter, [])
@hackney_options ++ options
adapter_options = Pleroma.Config.get([:http, :adapter], [])
@hackney_options
|> Keyword.merge(adapter_options)
|> Keyword.merge(options)
end
end

View File

@ -27,10 +27,10 @@ defmodule Pleroma.HTTP do
"""
def request(method, url, body \\ "", headers \\ [], options \\ []) do
try do
options =
process_request_options(options)
|> process_sni_options(url)
|> process_adapter_options()
params = Keyword.get(options, :params, [])
@ -42,7 +42,14 @@ def request(method, url, body \\ "", headers \\ [], options \\ []) do
|> Builder.add_param(:body, :body, body)
|> Builder.add_param(:query, :query, params)
|> Enum.into([])
|> (&Tesla.request(Connection.new(), &1)).()
|> (&Tesla.request(Connection.new(options), &1)).()
rescue
e ->
{:error, e}
catch
:exit, e ->
{:error, e}
end
end
defp process_sni_options(options, nil), do: options
@ -57,12 +64,6 @@ defp process_sni_options(options, url) do
end
end
def process_adapter_options(options) do
adapter_options = Pleroma.Config.get([:http, :adapter], [])
options ++ [adapter: adapter_options]
end
def process_request_options(options) do
config = Application.get_env(:pleroma, :http, [])
proxy = Keyword.get(config, :proxy_url, nil)

View File

@ -1452,7 +1452,6 @@ def suggestions(%{assigns: %{user: user}} = conn, _) do
url,
[],
adapter: [
timeout: timeout,
recv_timeout: timeout,
pool: :default
]

View File

@ -5,7 +5,6 @@
defmodule Pleroma.Web.RelMe do
@hackney_options [
pool: :media,
timeout: 2_000,
recv_timeout: 2_000,
max_body: 2_000_000
]

View File

@ -11,7 +11,6 @@ defmodule Pleroma.Web.RichMedia.Parser do
@hackney_options [
pool: :media,
timeout: 2_000,
recv_timeout: 2_000,
max_body: 2_000_000
]