jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #3226 from evazion/fix-3224

Browse Source 
Fix #3224: 403 Forbidden when logging in to DeviantArt.
This commit is contained in:
Albert Yi
2017-07-20 15:37:26 -07:00
committed by GitHub
parent 8dafa15069 93d44c6b84
commit 2e09d5f1e7
9 changed files with 31 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/uploads_controller.rb
View File

@@ -6,19 +6,13 @@ class UploadsController < ApplicationController
@upload = Upload.new @upload = Upload.new
@upload_notice_wiki = WikiPage.titled(Danbooru.config.upload_notice_wiki_page).first @upload_notice_wiki = WikiPage.titled(Danbooru.config.upload_notice_wiki_page).first
if params[:url] if params[:url]
@normalized_url = params[:url] download = Downloads::File.new(params[:url], ".")
headers = default_headers() @normalized_url, _, _ = download.before_download(params[:url], {})
data = {}
Downloads::RewriteStrategies::Base.strategies.each do |strategy|
@normalized_url, headers, data = strategy.new(@normalized_url).rewrite(@normalized_url, headers, data)
end
@post = find_post_by_url(@normalized_url) @post = find_post_by_url(@normalized_url)
begin begin
@source = Sources::Site.new(params[:url], :referer_url => params[:ref]) @source = Sources::Site.new(params[:url], :referer_url => params[:ref])
@remote_size = Downloads::File.new(@normalized_url, ".").size @remote_size = download.size
rescue Exception rescue Exception
end end
end end
@@ -79,12 +73,6 @@ protected
end end
end end
def default_headers
{
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}"
}
end
def save_recent_tags def save_recent_tags
if @upload if @upload
tags = Tag.scan_tags(@upload.tag_string) tags = Tag.scan_tags(@upload.tag_string)

17
app/logical/downloads/file.rb
View File

@@ -26,10 +26,7 @@ module Downloads
end end
def size def size
headers = { @source, _, @data = before_download(@source, @data)
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}"
}
@source, headers, @data = before_download(@source, headers, @data)
url = URI.parse(@source) url = URI.parse(@source)
res = HTTParty.head(url, Danbooru.config.httparty_options.reverse_merge(timeout: 3)) res = HTTParty.head(url, Danbooru.config.httparty_options.reverse_merge(timeout: 3))
res.content_length res.content_length
@@ -45,7 +42,9 @@ module Downloads
@source = after_download(@source) @source = after_download(@source)
end end
def before_download(url, headers, datums) def before_download(url, datums)
headers = Danbooru.config.http_headers
RewriteStrategies::Base.strategies.each do |strategy| RewriteStrategies::Base.strategies.each do |strategy|
url, headers, datums = strategy.new(url).rewrite(url, headers, datums) url, headers, datums = strategy.new(url).rewrite(url, headers, datums)
end end
@@ -80,16 +79,14 @@ module Downloads
raise Error.new("URL must be HTTP or HTTPS") raise Error.new("URL must be HTTP or HTTPS")
end end
headers = { src, headers, datums = before_download(src, datums)
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}"
}
src, headers, datums = before_download(src, headers, datums)
url = URI.parse(src) url = URI.parse(src)
validate_local_hosts(url) validate_local_hosts(url)
begin begin
res = HTTParty.get(url, Danbooru.config.httparty_options.reverse_merge(stream_body: true, timeout: 10, headers: headers), &block) options = { stream_body: true, timeout: 10, headers: headers }
res = HTTParty.get(url, options.deep_merge(Danbooru.config.httparty_options), &block)
if res.success? if res.success?
if max_size if max_size

7
app/logical/downloads/rewrite_strategies/art_station.rb
View File

@@ -5,7 +5,7 @@ module Downloads
# example: https://cdnb3.artstation.com/p/assets/images/images/003/716/071/large/aoi-ogata-hate-city.jpg?1476754974 # example: https://cdnb3.artstation.com/p/assets/images/images/003/716/071/large/aoi-ogata-hate-city.jpg?1476754974
if url =~ %r!^https?://cdn\w*\.artstation\.com/p/assets/images/images/\d+/\d+/\d+/(?:medium|small|large)/! if url =~ %r!^https?://cdn\w*\.artstation\.com/p/assets/images/images/\d+/\d+/\d+/(?:medium|small|large)/!
original_url, headers = rewrite_large_url(url, headers) original_url, headers = rewrite_large_url(url, headers)
if test_original(original_url) if http_exists?(original_url, headers)
url = original_url url = original_url
end end
else else
@@ -16,11 +16,6 @@ module Downloads
end end
protected protected
def test_original(url)
res = http_head_request(url, {})
res.success?
end
def rewrite_html_url(url, headers) def rewrite_html_url(url, headers)
return [url, headers] unless Sources::Strategies::ArtStation.url_match?(url) return [url, headers] unless Sources::Strategies::ArtStation.url_match?(url)

6
app/logical/downloads/rewrite_strategies/base.rb
View File

@@ -20,12 +20,8 @@ module Downloads
end end
protected protected
def http_head_request(url, headers)
HTTParty.head(url, Danbooru.config.httparty_options.merge(headers: headers))
end
def http_exists?(url, headers) def http_exists?(url, headers)
res = http_head_request(url, headers) res = HTTParty.head(url, Danbooru.config.httparty_options.deep_merge(headers: headers))
res.success? res.success?
end end
end end

6
app/logical/image_proxy.rb
View File

@@ -16,11 +16,7 @@ class ImageProxy
raise "Proxy not allowed for this site" raise "Proxy not allowed for this site"
end end
headers = { response = HTTParty.get(url, Danbooru.config.httparty_options.deep_merge(headers: {"Referer" => fake_referer_for(url)}))
"Referer" => fake_referer_for(url),
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}"
}
response = HTTParty.get(url, Danbooru.config.httparty_options.merge(headers: headers))
if response.success? if response.success?
return response return response
else else

9
app/logical/pixiv_api_client.rb
View File

@@ -123,19 +123,18 @@ class PixivApiClient
end end
def works(illust_id) def works(illust_id)
headers = { headers = Danbooru.config.http_headers.merge(
"Referer" => "http://www.pixiv.net", "Referer" => "http://www.pixiv.net",
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}",
"Content-Type" => "application/x-www-form-urlencoded", "Content-Type" => "application/x-www-form-urlencoded",
"Authorization" => "Bearer #{access_token}" "Authorization" => "Bearer #{access_token}"
} )
params = { params = {
"image_sizes" => "large", "image_sizes" => "large",
"include_stats" => "true" "include_stats" => "true"
} }
url = "https://public-api.secure.pixiv.net/v#{API_VERSION}/works/#{illust_id.to_i}.json" url = "https://public-api.secure.pixiv.net/v#{API_VERSION}/works/#{illust_id.to_i}.json"
resp = HTTParty.get(url, Danbooru.config.httparty_options.merge(query: params, headers: headers)) resp = HTTParty.get(url, Danbooru.config.httparty_options.deep_merge(query: params, headers: headers))
if resp.success? if resp.success?
json = parse_api_json(resp.body) json = parse_api_json(resp.body)
@@ -171,7 +170,7 @@ private
} }
url = "https://oauth.secure.pixiv.net/auth/token" url = "https://oauth.secure.pixiv.net/auth/token"
resp = HTTParty.post(url, Danbooru.config.httparty_options.merge(body: params, headers: headers)) resp = HTTParty.post(url, Danbooru.config.httparty_options.deep_merge(body: params, headers: headers))
if resp.success? if resp.success?
json = JSON.parse(resp.body) json = JSON.parse(resp.body)
access_token = json["response"]["access_token"] access_token = json["response"]["access_token"]

2
app/logical/sources/strategies/deviant_art.rb
View File

@@ -142,6 +142,8 @@ module Sources
def session_cookies(mech) def session_cookies(mech)
Cache.get(DEVIANTART_SESSION_CACHE_KEY, 2.hours) do Cache.get(DEVIANTART_SESSION_CACHE_KEY, 2.hours) do
mech.request_headers = Danbooru.config.http_headers
page = mech.get("https://www.deviantart.com/users/login") page = mech.get("https://www.deviantart.com/users/login")
validate_key = page.search('input[name="validate_key"]').attribute("value").value validate_key = page.search('input[name="validate_key"]').attribute("value").value
validate_token = page.search('input[name="validate_token"]').attribute("value").value validate_token = page.search('input[name="validate_token"]').attribute("value").value

12
config/danbooru_default_config.rb
View File

@@ -417,10 +417,20 @@ module Danbooru
false false
end end
# The default headers to be sent with outgoing http requests. Some external
# services will fail if you don't set a valid User-Agent.
def http_headers
{
"User-Agent" => "#{Danbooru.config.safe_app_name}/#{Danbooru.config.version}",
}
end
def httparty_options def httparty_options
# proxy example: # proxy example:
# {http_proxyaddr: "", http_proxyport: "", http_proxyuser: nil, http_proxypass: nil} # {http_proxyaddr: "", http_proxyport: "", http_proxyuser: nil, http_proxypass: nil}
{} {
headers: Danbooru.config.http_headers,
}
end end
# you should override this # you should override this

2
test/helpers/download_helper.rb
View File

@@ -14,7 +14,7 @@ module DownloadTestHelper
tempfile = Tempfile.new("danbooru-test") tempfile = Tempfile.new("danbooru-test")
download = Downloads::File.new(test_source, tempfile.path) download = Downloads::File.new(test_source, tempfile.path)
rewritten_source, headers, _ = download.before_download(test_source, {}, {}) rewritten_source, _, _ = download.before_download(test_source, {})
assert_equal(expected_source, rewritten_source, "Tested source URL: #{test_source}") assert_equal(expected_source, rewritten_source, "Tested source URL: #{test_source}")
end end