[feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)

* [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs * env parsing tests, my coy mistress
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2023-08-20 13:35:55 +0200
committer: GitHub <noreply@github.com> 2023-08-20 13:35:55 +0200
commit: 1e2db7a32f72ee01497a08c67e6f7f507890ee71 (patch)
tree: 76a6e64c3897ff183383bdb20b185f42cc462a16 /internal/middleware/middleware_test.go
parent: [feature] Instance rules (#2125) (diff)
download: gotosocial-1e2db7a32f72ee01497a08c67e6f7f507890ee71.tar.xz
1 files changed, 26 insertions, 53 deletions
diff --git a/internal/middleware/middleware_test.go b/internal/middleware/middleware_test.go
index 29376304e..fad05931b 100644
--- a/internal/middleware/middleware_test.go
+++ b/internal/middleware/middleware_test.go
@@ -20,80 +20,53 @@ package middleware_test
 import (
 	"testing"
 
-	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/middleware"
 )
 
 func TestBuildContentSecurityPolicy(t *testing.T) {
 	type cspTest struct {
-		s3Endpoint string
-		s3Proxy    bool
-		s3Secure   bool
-		expected   string
-		actual     string
+		extraURLs []string
+		expected  string
 	}
 
 	for _, test := range []cspTest{
 		{
-			s3Endpoint: "",
-			s3Proxy:    false,
-			s3Secure:   false,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob:",
+			extraURLs: nil,
+			expected:  "default-src 'self'; object-src 'none'; img-src 'self' blob:; media-src 'self'",
 		},
 		{
-			s3Endpoint: "some-bucket-provider.com",
-			s3Proxy:    false,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com; media-src 'self' https://some-bucket-provider.com",
+			extraURLs: []string{
+				"https://some-bucket-provider.com",
+			},
+			expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com; media-src 'self' https://some-bucket-provider.com",
 		},
 		{
-			s3Endpoint: "some-bucket-provider.com:6969",
-			s3Proxy:    false,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com:6969; media-src 'self' https://some-bucket-provider.com:6969",
+			extraURLs: []string{
+				"https://some-bucket-provider.com:6969",
+			},
+			expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com:6969; media-src 'self' https://some-bucket-provider.com:6969",
 		},
 		{
-			s3Endpoint: "some-bucket-provider.com:6969",
-			s3Proxy:    false,
-			s3Secure:   false,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob: http://some-bucket-provider.com:6969; media-src 'self' http://some-bucket-provider.com:6969",
+			extraURLs: []string{
+				"http://some-bucket-provider.com:6969",
+			},
+			expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: http://some-bucket-provider.com:6969; media-src 'self' http://some-bucket-provider.com:6969",
 		},
 		{
-			s3Endpoint: "s3.nl-ams.scw.cloud",
-			s3Proxy:    false,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob: https://s3.nl-ams.scw.cloud; media-src 'self' https://s3.nl-ams.scw.cloud",
+			extraURLs: []string{
+				"https://s3.nl-ams.scw.cloud",
+			},
+			expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://s3.nl-ams.scw.cloud; media-src 'self' https://s3.nl-ams.scw.cloud",
 		},
 		{
-			s3Endpoint: "some-bucket-provider.com",
-			s3Proxy:    true,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob:",
-		},
-		{
-			s3Endpoint: "some-bucket-provider.com:6969",
-			s3Proxy:    true,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob:",
-		},
-		{
-			s3Endpoint: "some-bucket-provider.com:6969",
-			s3Proxy:    true,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob:",
-		},
-		{
-			s3Endpoint: "s3.nl-ams.scw.cloud",
-			s3Proxy:    true,
-			s3Secure:   true,
-			expected:   "default-src 'self'; object-src 'none'; img-src 'self' blob:",
+			extraURLs: []string{
+				"https://s3.nl-ams.scw.cloud",
+				"https://s3.somewhere.else.example.org",
+			},
+			expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://s3.nl-ams.scw.cloud https://s3.somewhere.else.example.org; media-src 'self' https://s3.nl-ams.scw.cloud https://s3.somewhere.else.example.org",
 		},
 	} {
-		config.SetStorageS3Endpoint(test.s3Endpoint)
-		config.SetStorageS3Proxy(test.s3Proxy)
-		config.SetStorageS3UseSSL(test.s3Secure)
-
-		csp := middleware.BuildContentSecurityPolicy()
+		csp := middleware.BuildContentSecurityPolicy(test.extraURLs...)
 		if csp != test.expected {
 			t.Logf("expected '%s', got '%s'", test.expected, csp)
 			t.Fail()
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2023-08-20 13:35:55 +0200
committer	GitHub <noreply@github.com>	2023-08-20 13:35:55 +0200
commit	1e2db7a32f72ee01497a08c67e6f7f507890ee71 (patch)
tree	76a6e64c3897ff183383bdb20b185f42cc462a16 /internal/middleware/middleware_test.go
parent	[feature] Instance rules (#2125) (diff)
download	gotosocial-1e2db7a32f72ee01497a08c67e6f7f507890ee71.tar.xz