Fix #3985: Uploads: 405 Method Not Allowed.

2018-11-11 20:18:21 -06:00
parent 6a7cd6ce8e
commit 7524d52276
4 changed files with 36 additions and 30 deletions
--- a/app/logical/cloudflare_service.rb
+++ b/app/logical/cloudflare_service.rb
@@ -22,6 +22,15 @@ class CloudflareService
    })
  end

+  def ips(expiry: 24.hours)
+    text, code = HttpartyCache.get("https://api.cloudflare.com/client/v4/ips", expiry: expiry)
+    return [] if code != 200
+
+    json = JSON.parse(text, symbolize_names: true)
+    ips = json[:result][:ipv4_cidrs] + json[:result][:ipv6_cidrs]
+    ips.map { |ip| IPAddr.new(ip) }
+  end
+
  def delete(md5, ext)
    url = "https://api.cloudflare.com/client/v4/zones/#{zone}/purge_cache"
    files = ["#{md5}.#{ext}", "preview/#{md5}.jpg", "sample/sample-#{md5}.jpg"].map do |name|
--- a/app/logical/downloads/file.rb
+++ b/app/logical/downloads/file.rb
@@ -10,28 +10,6 @@ module Downloads

    validate :validate_url

-    # Prevent Cloudflare from potentially mangling the image. See issue #3528.
-    def uncached_url
-      url = file_url.dup
-
-      if is_cloudflare?
-        url.query_values = (url.query_values || {}).merge(danbooru_no_cache: SecureRandom.uuid)
-      end
-
-      url
-    end
-
-    def is_cloudflare?
-      return false if ENV["SKIP_CLOUDFLARE_CHECK"]
-
-      Cache.get("is_cloudflare:#{file_url.origin}", 4.hours) do
-        res = HTTParty.head(file_url, httparty_options)
-        raise Error.new("HTTP error code: #{res.code} #{res.message}") unless res.success?
-
-        res.key?("CF-Ray")
-      end
-    end
-
    def initialize(url, referer=nil)
      @url = Addressable::URI.parse(url) rescue nil
      @referer = referer
@@ -79,6 +57,15 @@ module Downloads
      end
    end # def

+    # Prevent Cloudflare from potentially mangling the image. See issue #3528.
+    def uncached_url
+      return file_url unless is_cloudflare?(file_url)
+
+      url = file_url.dup
+      url.query_values = url.query_values.to_h.merge(danbooru_no_cache: SecureRandom.uuid)
+      url
+    end
+
    def file_url
      @file_url ||= Addressable::URI.parse(strategy.image_url)
    end
@@ -95,6 +82,13 @@ module Downloads
        connection_adapter: ValidatingConnectionAdapter,
      }.deep_merge(Danbooru.config.httparty_options)
    end
+
+    def is_cloudflare?(url)
+      return false if ENV["SKIP_CLOUDFLARE_CHECK"]
+
+      ip_addr = IPAddr.new(Resolv.getaddress(url.hostname))
+      CloudflareService.new.ips.any? { |subnet| subnet.include?(ip_addr) }
+    end
  end

  # Hook into HTTParty to validate the IP before following redirects.