Commit Graph

99 Commits

Author SHA1 Message Date
marcin mikołajczak 10886eeaa2 Bump copyright year
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-01-01 12:13:06 +01:00
Pierre-Louis Bonicoli a158774364
hackney adapter helper & reverse proxy client: enable TLSv1.3
The list of TLS versions was added by
8bd2b6eb13 when hackney version was
pinned to 1.15.2. Later hackney version was upgraded
(166455c884) but the list of TLS
versions wasn't removed. From the hackney point of view, this list has
been replaced by the OTP defaults since 0.16.0
(734694ea4e24f267864c459a2f050e943adc6694).

It looks like the same issue already occurred before:
0cb7b0ea84.

A way to test this issue (where example.com is an ActivityPub site
which uses TLSv1.3 only):

   $ PLEROMA_CONFIG_PATH=/path/to/config.exs pleroma start_iex
   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Erlang/OTP 22 [erts-10.7.2.16] [source] [64-bit] [smp:2:2] [ds:2:2:10] [async-threads:1] [hipe]

   Interactive Elixir (1.10.4) - press Ctrl+C to exit (type h() ENTER for help)
   iex(pleroma@127.0.0.1)2> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
    {:tls_alert,
     {:protocol_version,
      'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}

With this patch, the output is the expected one:

   iex(pleroma@127.0.0.1)3> Pleroma.Object.Fetcher.fetch_and_contain_remote_object_from_id("https://example.com/@/Nick/")
   {:error,
   {:ok,
    %{
      "@context" => [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        %{
          "Emoji" => "toot:Emoji",
          "Hashtag" => "as:Hashtag",
          "atomUri" => "ostatus:atomUri",
          "conversation" => "ostatus:conversation",
          "featured" => "toot:featured",
          "focalPoint" => %{"@container" => "@list", "@id" => "toot:focalPoint"},
          "inReplyToAtomUri" => "ostatus:inReplyToAtomUri",
          "manuallyApprovesFollowers" => "as:manuallyApprovesFollowers",
          "movedTo" => "as:movedTo",
          "ostatus" => "http://ostatus.org#",
          "sensitive" => "as:sensitive",
          "toot" => "http://joinmastodon.org/ns#"
        }
      ],
      "endpoints" => %{"sharedInbox" => "https://example.com/inbox"},
      "followers" => "https://example.com/@/Nick/followers",
      "following" => nil,
      "icon" => %{
        "type" => "Image",
        "url" => "https://example.com/static/media/[...].png"
      },
      "id" => "https://example.com/@/Nick/",
      "inbox" => "https://example.com/@/Nick/inbox",
      "liked" => nil,
      "name" => "Nick",
      "outbox" => "https://example.com/@/Nick/outbox",
      "preferredUsername" => "Nick",
      "publicKey" => %{
        "id" => "https://example.com/@/Nick/#main-key",
        "owner" => "https://example.com/@/Nick/",
        "publicKeyPem" => "[...]
      },
      "summary" => "",
      "type" => "Person",
      "url" => "https://example.com/@/Nick/"
    }}

A way to test the reverse proxy bits of this issue (where example.com allows TLSv1.3 only):

    iex(pleroma@127.0.0.1)1> Pleroma.ReverseProxy.Client.Hackney.request("GET", "https://example.com", [], [])
    {:error,
     {:tls_alert,
      {:protocol_version,
       'TLS client: In state hello received SERVER ALERT: Fatal - Protocol Version\n'}}}
2022-05-31 00:51:45 +02:00
Sean King 17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Haelwenn (lanodan) Monnier ab32ea44f0
mix.exs: Apply OTP24 fixes to web_push_encryption 2021-06-03 19:11:16 +02:00
Alex Gleason 0ada3fe823
Gun: use runtime deps in ConnectionPool
Speed up recompilation time by breaking compile-time cycles
2021-05-29 11:35:53 -05:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
Alexander Strizhakov 7f5dbb0201
changes after rebase 2020-10-13 16:44:03 +03:00
Alexander Strizhakov c4c5caedd8
changes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov 0374df1d12
other files consistency 2020-10-13 16:38:19 +03:00
Mark Felder 8539e386c3 Add missing Copyright headers 2020-10-12 12:00:50 -05:00
Alexander Strizhakov cbdaabad34
web push http_client fix 2020-10-01 13:32:11 +03:00
Alexander Strizhakov 696bf09433
passing adapter options directly without adapter key 2020-09-07 19:59:17 +03:00
Alexander Strizhakov a83916fdac
adapter options unification
not needed options deletion
2020-09-07 19:59:17 +03:00
Alexander Strizhakov 8bd2b6eb13
temp hackney fix 2020-09-04 14:24:15 +03:00
rinpatch d34fe2840d HTTP: radically simplify pool checkin/checkout
Use a custom tesla middleware instead of adapter helper function +
custom redirect middleware.

This will also fix "Client died before releasing the connection"
messages when the request pool is overloaded. Since the checkout is
now done after passing ConcurrentLimiter.

This is technically less efficient, since the connection needs to be
checked in/out every time the middleware is left or entered respectively.
But I don't think the nanoseconds we might lose on redirects
to the same host are worth the complexity.
2020-09-03 23:44:13 +03:00
Alexander Strizhakov 84fbf16161
timeout option moved to gun adapter helper 2020-09-02 10:50:51 +03:00
Alexander Strizhakov 1c57ef4498
default pool for tz_data client 2020-09-02 10:33:43 +03:00
Alexander Strizhakov 5e8adf91b4
don't overwrite passed pool option in http clients 2020-09-02 09:04:23 +03:00
Alexander Strizhakov c17d83cd73
improvements and fixes for http requests
- fix for gun worker termination in some circumstances
- pool for http clients (ex_aws, tzdata)
- default pool timeouts for gun
- gun retries on gun_down messages
- s3 upload timeout if streaming enabled
2020-09-02 09:04:23 +03:00
Roman Chvanikov 4bf44b7d65 Don't override user-agent header if it's been set 2020-08-01 10:04:25 +03:00
href 4bac25e6f5 Don't enable Pleroma.HTTP.Middleware.FollowRedirects unless Gun is used 2020-07-18 13:17:38 +02:00
href 6d583bcc3b Set a default timeout for Gun adapter timeout 2020-07-15 15:26:35 +03:00
href ce1a42bd04 Simplify TLS opts
- `verify_fun` is not useful now
- use `customize_check_hostname` (OTP 20+ so OK)
- `partial_chain` is useless as of OTP 21.1 (wasn't there, but hackney/..
uses it)
2020-07-15 15:26:35 +03:00
href 6a0f2bdf8c Ensure connections error get known by the caller 2020-07-15 15:26:35 +03:00
rinpatch 9b73c35ca8 Request limiter setup: consider {:error, :existing} a success
When the application restarts (which happens after certain config
changes), the limiters are not destroyed, so `ConcurrentLimiter.new`
will produce {:error, :existing}
2020-07-15 15:26:35 +03:00
rinpatch 37f1e781cb Gun adapter helper: fix wildcard cert issues on OTP 23
See https://bugs.erlang.org/browse/ERL-1260 for more info.

The ssl match function is basically copied from mint, except
that `:string.lowercase/1` was replaced by `:string.casefold`.
It was a TODO in mint's code, so might as well do it since we don't need
to support OTP <20.

Closes #1834
2020-07-15 15:26:35 +03:00
rinpatch 00926a63fb Adapter Helper: Use built-in ip address type 2020-07-15 15:26:35 +03:00
rinpatch 4128e3a84a HTTP: Implement max request limits 2020-07-15 15:26:35 +03:00
rinpatch 94c8f3cfaf Use a custom pool-aware FollowRedirects middleware 2020-07-15 15:26:35 +03:00
rinpatch 58a4f350a8 Refactor gun pooling and simplify adapter option insertion
This patch refactors gun pooling to use Elixir process registry and
simplifies adapter option insertion.

Having the pool use process registry instead of a GenServer has a number of advantages:
- Simpler code: the initial implementation adds about half the lines of code it deletes
- Concurrency: unlike a GenServer, ETS-based registry can handle multiple checkout/checkin
requests at the same time
- Precise and easy idle connection clousure: current proposal for closing idle connections in
the GenServer-based pool needs to filter through all connections once a minute and compare their
last active time with closing time. With Elixir process registry this can be done
by just using `Process.send_after`/`Process.cancel_timer` in the worker process.
- Lower memory footprint: In my tests `gun-memory-leak` branch uses about 290mb on peak load (250 connections)
and 235mb on idle (5-10 connections). Registry-based pool uses 210mb on idle and 240mb on peak load
2020-07-15 15:17:27 +03:00
Maksim Pechnikov 439a1a0218 added wrapper Pleroma.HTTP for ExAws.S3 2020-06-25 07:12:29 +03:00
Maksim Pechnikov 721fc7c554 added wrapper Pleroma.HTTP for Tzdata.HTTPClient 2020-06-24 09:12:32 +03:00
rinpatch 0cb7b0ea84 hackney adapter helper: support tlsv1.3 and remove custom opts
- partitial_chain is no longer exported, but it seems to be the default anyway.
- The bug that caused sni to not be sent automatically seems to be fixed -
https://github.com/benoitc/hackney/issues/612
2020-05-30 15:36:55 +03:00
Alexander Strizhakov 98ed0d1c4b
more clean up 2020-03-13 09:37:57 +03:00
Alexander Strizhakov 1306b92997
clean up 2020-03-12 18:29:07 +03:00
Alexander Strizhakov f39e1b9eff
add verify tls_opts only when we open connection
for other requests tesla will add tls_opts
2020-03-10 15:54:11 +03:00
Alexander Strizhakov 78282dc983
little polishing 2020-03-06 21:24:19 +03:00
Alexander Strizhakov c93c3096d5
little refactor 2020-03-06 21:04:18 +03:00
Alexander Strizhakov f0753eed0f
removing try block in tesla request
added mocks for tests which fail with Tesla.Mock.Error
2020-03-05 17:31:06 +03:00
Alexander Strizhakov d6bebd4f9c
moving some logic to tesla adapter
- checking original inside gun adapter
- flushing streams on max_body error
2020-03-04 18:13:24 +03:00
Mark Felder d9c5ae7c09 Update Copyrights for gun related files 2020-03-03 17:16:24 -06:00
Mark Felder 4427161ca3 Merge branch 'develop' into gun 2020-03-03 17:15:49 -06:00
Mark Felder 05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Alexander Strizhakov f98ee730f0
adapter renaming to adapter_helper 2020-03-03 18:53:44 +03:00
Alexander Strizhakov 8854770fc4
retry and retry_timeout settings default change 2020-03-03 18:01:35 +03:00
Alexander Strizhakov 1ad34bfdba
no try block in checkout connection 2020-03-03 17:44:04 +03:00
Alexander Strizhakov 24bf5c4e89
remove try block from pool request 2020-03-03 17:27:56 +03:00
Alexander Strizhakov aaa879ce75
proxy parsing errors 2020-03-03 17:27:22 +03:00
Alexander Strizhakov 6ebf389d6e
poolboy timeout fix 2020-03-03 16:51:49 +03:00
Alexander Strizhakov e605e79df9
simplification of formatting host method
case for format_proxy method
2020-03-03 16:42:03 +03:00