Support "http_hidden_proxy" ENV var for hidden service only proxy (#18427)

* Support "http_hidden_proxy" ENV var for hidden service only proxy

* Fallback to http_proxy if http_hidden_proxy is not set

diff --git a/app/lib/request.rb b/app/lib/request.rb
index 4289da9333de82b80c5907e770f7ed705e34f121..f5123d776ab305a8c81e8a146d024ff1f82030d4 100644 (file)
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -31,7 +31,7 @@ class Request
     @url         = Addressable::URI.parse(url).normalize
     @http_client = options.delete(:http_client)
     @options     = options.merge(socket_class: use_proxy? ? ProxySocket : Socket)
-    @options     = @options.merge(Rails.configuration.x.http_client_proxy) if use_proxy?
+    @options     = @options.merge(proxy_url) if use_proxy?
     @headers     = {}
 
     raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if block_hidden_service?
@@ -141,11 +141,23 @@ class Request
   end
 
   def use_proxy?
-    Rails.configuration.x.http_client_proxy.present?
+    proxy_url.present?
+  end
+
+  def proxy_url
+    if hidden_service? && Rails.configuration.x.http_client_hidden_proxy.present?
+      Rails.configuration.x.http_client_hidden_proxy
+    else
+      Rails.configuration.x.http_client_proxy
+    end
   end
 
   def block_hidden_service?
-    !Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match?(@url.host)
+    !Rails.configuration.x.access_to_hidden_service && hidden_service?
+  end
+
+  def hidden_service?
+    /\.(onion|i2p)$/.match?(@url.host)
   end
 
   module ClientLimit

diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb
index 7a9b7b86d7d9002390479722d281a54563774137..b29e9edd7502fd9c897ec13075a3a6c412c2aea3 100644 (file)
--- a/config/initializers/http_client_proxy.rb
+++ b/config/initializers/http_client_proxy.rb
@@ -18,5 +18,22 @@ Rails.application.configure do
     }.compact
   end
 
+  if ENV['http_hidden_proxy'].present?
+    proxy = URI.parse(ENV['http_hidden_proxy'])
+
+    raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme
+    raise "No proxy host" unless proxy.host
+
+    host = proxy.host
+    host = host[1...-1] if host[0] == '[' # for IPv6 address
+
+    config.x.http_client_hidden_proxy[:proxy] = {
+      proxy_address: host,
+      proxy_port: proxy.port,
+      proxy_username: proxy.user,
+      proxy_password: proxy.password,
+    }.compact
+  end
+
   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
 end