Fix #3985: Uploads: 405 Method Not Allowed.

This commit is contained in:
evazion
2018-11-11 20:18:21 -06:00
parent 6a7cd6ce8e
commit 7524d52276
4 changed files with 36 additions and 30 deletions

View File

@@ -22,6 +22,15 @@ class CloudflareService
})
end
def ips(expiry: 24.hours)
text, code = HttpartyCache.get("https://api.cloudflare.com/client/v4/ips", expiry: expiry)
return [] if code != 200
json = JSON.parse(text, symbolize_names: true)
ips = json[:result][:ipv4_cidrs] + json[:result][:ipv6_cidrs]
ips.map { |ip| IPAddr.new(ip) }
end
def delete(md5, ext)
url = "https://api.cloudflare.com/client/v4/zones/#{zone}/purge_cache"
files = ["#{md5}.#{ext}", "preview/#{md5}.jpg", "sample/sample-#{md5}.jpg"].map do |name|

View File

@@ -10,28 +10,6 @@ module Downloads
validate :validate_url
# Prevent Cloudflare from potentially mangling the image. See issue #3528.
def uncached_url
url = file_url.dup
if is_cloudflare?
url.query_values = (url.query_values || {}).merge(danbooru_no_cache: SecureRandom.uuid)
end
url
end
def is_cloudflare?
return false if ENV["SKIP_CLOUDFLARE_CHECK"]
Cache.get("is_cloudflare:#{file_url.origin}", 4.hours) do
res = HTTParty.head(file_url, httparty_options)
raise Error.new("HTTP error code: #{res.code} #{res.message}") unless res.success?
res.key?("CF-Ray")
end
end
def initialize(url, referer=nil)
@url = Addressable::URI.parse(url) rescue nil
@referer = referer
@@ -79,6 +57,15 @@ module Downloads
end
end # def
# Prevent Cloudflare from potentially mangling the image. See issue #3528.
def uncached_url
return file_url unless is_cloudflare?(file_url)
url = file_url.dup
url.query_values = url.query_values.to_h.merge(danbooru_no_cache: SecureRandom.uuid)
url
end
def file_url
@file_url ||= Addressable::URI.parse(strategy.image_url)
end
@@ -95,6 +82,13 @@ module Downloads
connection_adapter: ValidatingConnectionAdapter,
}.deep_merge(Danbooru.config.httparty_options)
end
def is_cloudflare?(url)
return false if ENV["SKIP_CLOUDFLARE_CHECK"]
ip_addr = IPAddr.new(Resolv.getaddress(url.hostname))
CloudflareService.new.ips.any? { |subnet| subnet.include?(ip_addr) }
end
end
# Hook into HTTParty to validate the IP before following redirects.