Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/793

lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex

@@ -101,10 +101,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
     end
   end
 
+  defp get_int_header(headers, header_name, default \\ nil) do
+    with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
+         {int, ""} <- Integer.parse(rawval) do
+      int
+    else
+      _ -> default
+    end
+  end
+
   defp is_remote_size_within_limit?(url) do
     with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
            Pleroma.HTTP.request(:head, url, nil, [], []) do
-      content_length = :proplists.get_value("content-length", headers, nil)
+      content_length = get_int_header(headers, "content-length")
       size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
 
       accept_unknown =
@@ -172,7 +181,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
               description: <<_::272, _::_*256>>,
               key: :hosts | :rejected_shortcodes | :size_limit,
               suggestions: [any(), ...],
-              type: {:list, :string} | {:list, :string} | :integer
+              type: {:list, :string} | {:list, :string} | :integer | :boolean
             },
             ...
           ],
@@ -209,6 +218,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
           type: :integer,
           description: "File size limit (in bytes), checked before an emoji is saved to the disk",
           suggestions: ["100000"]
+        },
+        %{
+          key: :download_unknown_size,
+          type: :boolean,
+          description: "Whether to download emoji if size can't be determined ahead of time",
+          suggestions: [false, true]
         }
       ]
     }

test/pleroma/signature_test.exs

@@ -110,7 +110,7 @@ defmodule Pleroma.SignatureTest do
 
       headers = %{
         host: "test.test",
-        "content-length": 100
+        "content-length": "100"
       }
 
       assert_signature_equal(
@@ -127,7 +127,7 @@ defmodule Pleroma.SignatureTest do
 
       assert Signature.sign(
                user,
-               %{host: "test.test", "content-length": 100}
+               %{host: "test.test", "content-length": "100"}
              ) == {:error, []}
     end
   end

test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs

@@ -202,7 +202,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
 
   test "reject too large content-size before download", %{message: message} do
     clear_config([:mrf_steal_emoji, :download_unknown_size], false)
-    mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}])
+    mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}])
 
     refute "firedfox" in installed()
 
@@ -216,7 +216,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
 
   test "accepts content-size below limit", %{message: message} do
     clear_config([:mrf_steal_emoji, :download_unknown_size], false)
-    mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}])
+    mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}])
 
     refute "firedfox" in installed()