Forbid outgoing requests in activitypub tests (fixes #2289) (#2294)

This commit is contained in:
Nutomic 2022-06-03 15:31:22 +00:00 committed by GitHub
parent 339eab01fd
commit 5387c262c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 3 deletions

1
Cargo.lock generated
View file

@ -1962,6 +1962,7 @@ dependencies = [
"serial_test",
"sha2",
"strum_macros",
"task-local-extensions",
"tracing",
"url",
"uuid",

View file

@ -49,3 +49,4 @@ parking_lot = "0.12.0"
serial_test = "0.6.0"
assert-json-diff = "2.0.1"
reqwest-middleware = "0.1.5"
task-local-extensions = "0.1.1"

View file

@ -55,6 +55,7 @@ pub(crate) fn verify_is_remote_object(id: &Url) -> Result<(), LemmyError> {
#[cfg(test)]
pub(crate) mod tests {
use actix::Actor;
use anyhow::anyhow;
use diesel::{
r2d2::{ConnectionManager, Pool},
PgConnection,
@ -71,9 +72,25 @@ pub(crate) mod tests {
};
use lemmy_websocket::{chat_server::ChatServer, LemmyContext};
use parking_lot::Mutex;
use reqwest::Client;
use reqwest_middleware::ClientBuilder;
use reqwest::{Client, Request, Response};
use reqwest_middleware::{ClientBuilder, Middleware, Next};
use std::sync::Arc;
use task_local_extensions::Extensions;
struct BlockedMiddleware;
/// A reqwest middleware which blocks all requests
#[async_trait::async_trait]
impl Middleware for BlockedMiddleware {
async fn handle(
&self,
_req: Request,
_extensions: &mut Extensions,
_next: Next<'_>,
) -> reqwest_middleware::Result<Response> {
Err(anyhow!("Network requests not allowed").into())
}
}
// TODO: would be nice if we didnt have to use a full context for tests.
pub(crate) fn init_context() -> LemmyContext {
@ -89,7 +106,7 @@ pub(crate) mod tests {
.build()
.unwrap();
let client = ClientBuilder::new(client).build();
let client = ClientBuilder::new(client).with(BlockedMiddleware).build();
let secret = Secret {
id: 0,
jwt_secret: "".to_string(),