| author | 2023-08-20 13:35:55 +0200 | |
|---|---|---|
| committer | 2023-08-21 17:17:46 +0200 | |
| commit | 4b5a3e01d06976ba3aa3af29a0da0145c23ba948 (patch) | |
| tree | 726a6a69a39e58bf749a2c9a5906c59e23675db1 /cmd | |
| parent | [bugfix] fix double firing bun.DB query hooks (#2124) (diff) | |
| download | gotosocial-4b5a3e01d06976ba3aa3af29a0da0145c23ba948.tar.xz | |
[feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)
* [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs
* env parsing tests, my coy mistress
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/gotosocial/action/server/server.go | 23 | ||||
| -rw-r--r-- | cmd/gotosocial/action/testrig/testrig.go | 30 |
2 files changed, 51 insertions, 2 deletions
diff --git a/cmd/gotosocial/action/server/server.go b/cmd/gotosocial/action/server/server.go
index eb76b8f43..e966c46be 100644
--- a/cmd/gotosocial/action/server/server.go
+++ b/cmd/gotosocial/action/server/server.go
@@ -204,6 +204,29 @@ var Start action.GTSAction = func(ctx context.Context) error {
 		middleware.ExtraHeaders(),
 	}...)
 
+	// Instantiate Content-Security-Policy
+	// middleware, with extra URIs.
+	cspExtraURIs := make([]string, 0)
+
+	// Probe storage to check if extra URI is needed in CSP.
+	// Error here means something is wrong with storage.
+	storageCSPUri, err := state.Storage.ProbeCSPUri(ctx)
+	if err != nil {
+		return fmt.Errorf("error deriving Content-Security-Policy uri from storage: %w", err)
+	}
+
+	// storageCSPUri may be empty string if
+	// not S3-backed storage; check for this.
+	if storageCSPUri != "" {
+		cspExtraURIs = append(cspExtraURIs, storageCSPUri)
+	}
+
+	// Add any extra CSP URIs from config.
+	cspExtraURIs = append(cspExtraURIs, config.GetAdvancedCSPExtraURIs()...)
+
+	// Add CSP to middlewares.
+	middlewares = append(middlewares, middleware.ContentSecurityPolicy(cspExtraURIs...))
+
 	// attach global middlewares which are used for every request
 	router.AttachGlobalMiddleware(middlewares...)
 
diff --git a/cmd/gotosocial/action/testrig/testrig.go b/cmd/gotosocial/action/testrig/testrig.go
index 8f55c4b4a..ccf92a971 100644
--- a/cmd/gotosocial/action/testrig/testrig.go
+++ b/cmd/gotosocial/action/testrig/testrig.go
@@ -70,7 +70,11 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	testrig.StandardDBSetup(state.DB, nil)
 
 	if os.Getenv("GTS_STORAGE_BACKEND") == "s3" {
-		state.Storage, _ = storage.NewS3Storage()
+		var err error
+		state.Storage, err = storage.NewS3Storage()
+		if err != nil {
+			return fmt.Errorf("error initializing storage: %w", err)
+		}
 	} else {
 		state.Storage = testrig.NewInMemoryStorage()
 	}
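Review bot: The values returned by `config.GetAdvancedCSPExtraURIs()` go into the policy unchecked on the `cspExtraURIs = append(cspExtraURIs, config.GetAdvancedCSPExtraURIs()...)` line, so a mistyped or overly broad config entry (a bare `*`, a value with no scheme) silently widens the Content-Security-Policy sent on every response; unless `middleware.ContentSecurityPolicy` validates its arguments (it is not in the hunk), each entry should be parsed and rejected at startup with an error, the same way the storage probe failure just above is handled. Two naming nits in the same block: Go keeps initialism case, so `storageCSPUri` reads better as `storageCSPURI`, and `cspExtraURIs := make([]string, 0)` can be `var cspExtraURIs []string` since `append` accepts nil. This block is duplicated verbatim in the testrig.go hunk at `@@ -136,6 +140,29 @@`; both copies need the same change, or the probe-plus-config logic could move into one shared helper. The enclosing `Start` closure begins and ends outside the hunk.
```go
	// Add any extra CSP URIs from config, rejecting entries that
	// would not form a usable scheme://host source expression
	// (loosen the check if scheme-only sources are intended).
	for _, extra := range config.GetAdvancedCSPExtraURIs() {
		u, err := url.Parse(extra)
		if err != nil || u.Scheme == "" || u.Host == "" {
			return fmt.Errorf("invalid extra Content-Security-Policy uri in config: %q", extra)
		}
		cspExtraURIs = append(cspExtraURIs, extra)
	}
	// … unchanged: middleware.ContentSecurityPolicy append …
```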
@@ -136,6 +140,29 @@ var Start action.GTSAction = func(ctx context.Context) error {
 		middleware.ExtraHeaders(),
 	}...)
 
+	// Instantiate Content-Security-Policy
+	// middleware, with extra URIs.
+	cspExtraURIs := make([]string, 0)
+
+	// Probe storage to check if extra URI is needed in CSP.
+	// Error here means something is wrong with storage.
+	storageCSPUri, err := state.Storage.ProbeCSPUri(ctx)
+	if err != nil {
+		return fmt.Errorf("error deriving Content-Security-Policy uri from storage: %w", err)
+	}
+
+	// storageCSPUri may be empty string if
+	// not S3-backed storage; check for this.
+	if storageCSPUri != "" {
+		cspExtraURIs = append(cspExtraURIs, storageCSPUri)
+	}
+
+	// Add any extra CSP URIs from config.
+	cspExtraURIs = append(cspExtraURIs, config.GetAdvancedCSPExtraURIs()...)
+
+	// Add CSP to middlewares.
+	middlewares = append(middlewares, middleware.ContentSecurityPolicy(cspExtraURIs...))
+
 	// attach global middlewares which are used for every request
 	router.AttachGlobalMiddleware(middlewares...)
 
@@ -146,7 +173,6 @@ var Start action.GTSAction = func(ctx context.Context) error {
 
 	// build router modules
 	var idp oidc.IDP
-	var err error
 	if config.GetOIDCEnabled() {
 		idp, err = oidc.NewIDP(ctx)
 		if err != nil {
