Support "http_hidden_proxy" ENV var for hidden service only proxy (#18427)

* Support "http_hidden_proxy" ENV var for hidden service only proxy * Fallback to http_proxy if http_hidden_proxy is not set
2 years ago · 861b35dd54
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@ -31,7 +31,7 @@ class Request
    @url         = Addressable::URI.parse(url).normalize
    @http_client = options.delete(:http_client)
    @options     = options.merge(socket_class: use_proxy? ? ProxySocket : Socket)
    @options     = @options.merge(Rails.configuration.x.http_client_proxy) if use_proxy?
    @options     = @options.merge(proxy_url) if use_proxy?
    @headers     = {}

    raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if block_hidden_service?
@ -141,11 +141,23 @@ class Request
  end

  def use_proxy?
    Rails.configuration.x.http_client_proxy.present?
    proxy_url.present?
  end

  def proxy_url
    if hidden_service? && Rails.configuration.x.http_client_hidden_proxy.present?
      Rails.configuration.x.http_client_hidden_proxy
    else
      Rails.configuration.x.http_client_proxy
    end
  end

  def block_hidden_service?
    !Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match?(@url.host)
    !Rails.configuration.x.access_to_hidden_service && hidden_service?
  end

  def hidden_service?
    /\.(onion|i2p)$/.match?(@url.host)
  end

  module ClientLimit
--- a/config/initializers/http_client_proxy.rb
+++ b/config/initializers/http_client_proxy.rb
@ -18,5 +18,22 @@ Rails.application.configure do
    }.compact
  end

  if ENV['http_hidden_proxy'].present?
    proxy = URI.parse(ENV['http_hidden_proxy'])

    raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme
    raise "No proxy host" unless proxy.host

    host = proxy.host
    host = host[1...-1] if host[0] == '[' # for IPv6 address

    config.x.http_client_hidden_proxy[:proxy] = {
      proxy_address: host,
      proxy_port: proxy.port,
      proxy_username: proxy.user,
      proxy_password: proxy.password,
    }.compact
  end

  config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
 end